I am setting up my first 3.0.1 installation. I am using Slackware 9.1, I am trying to connect to a Windows 2000 Server. I do not need active directory support (as far as I know). The server's function is a file server. So Users need seamless authentication... of course. I do not have LDAP installed. It's a plain server besides the 3ware RAID.
I compiled and installed samba 3.0.1, standard paths. I followed the howto on the samba site. It is %99 working. Smbd, nmbd, winbindd are all running. #wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo -p Ping to winbindd succeeded on fd 4 Getent passwd, getent group works fine. I can assign permissions to domain users like "chown domain+user file" However when I try to connect from the PDC to the linux box with a domain user account, it won't let me in. The name of the PDC is "w2ksrv1", and linux box is "macfiles". The domain is "mac". I was able to add a local user "testuser" and add it through smbpasswd, and authenticate. And view shares, and go into the "tmp" share. Conf file: UW PICO(tm) 4.6 File: /usr/local/samba/lib/smb.conf [global] workgroup = MAC winbind separator = + idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U template shell = /bin/false server string = Samba Server hosts allow = 192.168.1. 127. load printers = yes log file = /var/log/samba.%m max log size = 50 security = user password server = * encrypt passwords = yes socket options = TCP_NODELAY ; interfaces = 192.168.12.2/24 192.168.13.2/24 dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes # This one is useful for people to share files [tmp] comment = Temporary file space path = /tmp read only = no public = yes File Attributes: # ls -la /lib/libnss_winbind.so* -rwxr-xr-x 1 root root 19511 Jan 2 14:29 /lib/libnss_winbind.so* lrwxrwxrwx 1 root root 22 Jan 2 14:30 /lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so* Was not able to configure SAMBA with the "--with-pam" switch. Also I have no /etc/pam.d directory. ( is that bad?) Winbind output: /usr/local/samba/sbin/winbindd -i -d3 winbindd version 3.0.1 started. Copyright The Samba Team 2000-2003 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" Processing section "[global]" Processing section "[homes]" Processing section "[tmp]" adding IPC service adding IPC service added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0 added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0 Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED resolve_lmhosts: Attempting lmhosts lookup for name MAC<0x1c> resolve_wins: Attempting wins lookup for name MAC<0x1c> resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name MAC<0x20> rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC IPC$ connections done by user MAC\<DOMAIN ADMIN> Connecting to host=W2KSRV1 Connecting to 192.168.1.10 at port 445 Doing spnego session setup (blob length=112) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got principal=w2ksrv1$@<full domain name> Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 add_trusted_domain: MAC is a native mode domain Added domain MAC scanning trusted domain list rpc: trusted_domains rpc_dc_name: Returning DC W2KSRV1 (192.168.1.10) for domain MAC IPC$ connections done by user MAC\<DOMAIN ADMIN> Connecting to host=W2KSRV1 Connecting to 192.168.1.10 at port 445 Doing spnego session setup (blob length=112) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got principal=w2ksrv1$@<full domain name> Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 scanning trusted domain list rpc: trusted_domains The Win2k active directory domain name is actually a SUB domain so, mac.fulldomain.com. Which is non-standard I believe, FYI. When the windows system tries to connect here is the log: # tail -f /var/log/samba.w2ksrv1 [2004/01/03 14:05:57, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(189) startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did not exist. File successfully created. [2004/01/06 21:06:52, 1] smbd/service.c:make_connection_snum(705) w2ksrv1 (192.168.1.10) connect to service tmp initially as user testuser (uid=10025, gid=100) (pid 15576) [2004/01/06 21:09:05, 1] smbd/service.c:close_cnum(887) w2ksrv1 (192.168.1.10) closed connection to service tmp You can see my testuser connect. More logs: # tail /usr/local/samba/var/log.nmbd [2004/01/06 20:54:29, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.1 started. Copyright Andrew Tridgell and the Samba Team 1994-2003 [2004/01/06 22:53:13, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.1 started. Copyright Andrew Tridgell and the Samba Team 1994-2003 [2004/01/06 22:53:28, 0] nmbd/nmbd.c:main(683) standard input is not a socket, assuming -D option # tail /usr/local/samba/var/log.smbd Copyright Andrew Tridgell and the Samba Team 1992-2003 [2004/01/06 20:53:50, 0] smbd/server.c:main(747) smbd version 3.0.1 started. Copyright Andrew Tridgell and the Samba Team 1992-2003 [2004/01/06 20:54:29, 0] smbd/server.c:main(747) smbd version 3.0.1 started. Copyright Andrew Tridgell and the Samba Team 1992-2003 [2004/01/06 22:53:25, 0] smbd/server.c:main(747) smbd version 3.0.1 started. Copyright Andrew Tridgell and the Samba Team 1992-2003 Any help would be greatly appreciated! (let me know if I forgot anything) :p -- Wm. Dean Dufresne Dufresne IT Consulting -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba