Afternoon! Let me apologize first if this is something soooo simple, but I have been working on this for days and I'm still stuck on one part.
Where to start. Small user environment (under 100 users) using Active Directory on Win 2k3 server. Running Fedora 8 on a server, and I am trying to get it added to the domain, and to be able to access a share using Windows usernames and passwords.

The server (known from here as fedoraftp) can kinit

[EMAIL PROTECTED] /]# kinit Administrator
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] /]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
12/28/07 12:44:31  12/28/07 22:44:35  krbtgt/[EMAIL PROTECTED]
        renew until 12/29/07 12:44:31

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] /]#

It can join the domain

[EMAIL PROTECTED] /]# net ads join -U Administrator
Administrator's password:
Using short domain name -- DOMAIN
Joined 'FEDORAFTP' to realm 'DOMAIN.LOCAL'
[EMAIL PROTECTED] /]#

wbinfo -u, wbinfo -g, getent passwd and getent group both show correct information (not going to show output). I can also login locally on fedoraftp using my windows username and password and not have any issues. What I cannot get to work is accessing the share, as it won't take any username/password thrown at it.

smb.conf

[global]
log file = /var/log/samba/log.%m
guest account = admin
load printers = no
show add printer wizard = No
idmap gid = 10000-20000
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
guest ok = yes
encrypt passwords = yes
realm = PIPFS.LOCAL
template shell = /bin/bash
netbios name = FEDORAFTP
cups options = raw
server string = Fedora Server Ver %v
idmap uid = 10000-20000
password server = 192.168.0.240
winbind nested groups = yes
workgroup = PIPFS
dns proxy = no
passwd program = /usr/bin/passwd %u
obey pam restrictions = yes
os level = 20
security = ads
preferred master = no
max log size = 50
winbind separator = #
winbind cache time = 0
log level = 3
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
passdb backend = tdbsam

[FTP]
msdfs root = yes
inherit permissions = yes
writeable = yes
admin users = @"domain users"
path = /home/ftpshare/
create mask = 700
directory mask = 700
valid users = admin,@"domain users",
inherit acls = yes
; public=yes

Output of /var/log/samba/log.smbd

[2007/12/28 12:53:05, 0] smbd/server.c:main(944)
  smbd version 3.0.28-0.fc8 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/28 12:53:05, 2] param/loadparm.c:do_section(3796)
  Processing section "[FTP]"
[2007/12/28 12:53:05, 3] param/loadparm.c:lp_add_ipc(2711)
  adding IPC service
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2007/12/28 12:53:05, 3] printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2007/12/28 12:53:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.0.50 bcast=192.168.0.255 nmask=255.255.255.0
[2007/12/28 12:53:05, 3] smbd/server.c:main(982)
  loaded services
[2007/12/28 12:53:05, 3] smbd/server.c:main(997)
  Becoming a daemon.
[2007/12/28 12:53:05, 2] lib/tallocmsg.c:register_msg_pool_usage(105)
  Registered MSG_REQ_POOL_USAGE
[2007/12/28 12:53:05, 2] lib/dmallocmsg.c:register_dmalloc_msgs(75)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 0 in cache -> S-1-5-21-3422581952-716862249-2814536807-1002
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 10000 in cache -> S-1-5-32-544
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 10001 in cache -> S-1-5-32-545
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-1-0]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(250)
[2007/12/28 12:53:05, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-0
  se_access_check: also S-1-5-32-544
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
[2007/12/28 12:53:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "192.168.0.240, 192.168.0.240"
[2007/12/28 12:53:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 192.168.0.240
[2007/12/28 12:53:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/12/28 12:53:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/12/28 12:53:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/12/28 12:53:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/12/28 12:53:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/12/28 12:53:05, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/12/28 12:53:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Fri, 28 Dec 2007 22:53:05 CST
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
  store_gid_sid_cache: gid 10008 in cache -> S-1-5-21-1220945662-682003330-839522115-513
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10000 -> S-1-5-32-544
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10001 -> S-1-5-32-545
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/12/28 12:53:05, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-21-3422581952-716862249-2814536807-501]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-21-1220945662-682003330-839522115-513]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-22-2-10008]
[2007/12/28 12:53:05, 3] lib/privileges.c:get_privileges(261)
  get_privileges: No privileges assigned to SID [S-1-5-32-545]
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10008 -> S-1-5-21-1220945662-682003330-839522115-513
[2007/12/28 12:53:05, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
  fetch gid from cache 10001 -> S-1-5-32-545
[2007/12/28 12:53:05, 3] printing/printing.c:start_background_queue(1388)
  start_background_queue: Starting background LPQ thread
[2007/12/28 12:53:05, 2] smbd/server.c:open_sockets_smbd(458)
  waiting for a connection

The main thing I see in the log from the computer trying to connect is (log is huge...not going to post it all)

[2007/12/28 12:56:55, 2] smbd/service.c:make_connection_snum(616)
  user 'DOMAIN#redwards' (from session setup) not permitted to access this share (FTP)
[2007/12/28 12:56:55, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

redwards is part of the group "Domain Users".

I'm at a HUGE loss right now how to go about this, as I'm still pretty green to this whole type of setup. Any advice would be helpful. If more info is required, please ask and I'll provide it as I would like to resolve this issue.

Cheers!
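
For triaging a large smbd log like the one described above, the share-level denials can be extracted and paired with the NT status of the error packet that follows. This is an added example, not part of the original post; the function names are hypothetical, it assumes Samba 3.0's native log layout (a header line followed by indented message lines), and the sample log is constructed from the two entries quoted in the post.

```python
import re
from collections import Counter

# Constructed sample: the two entries quoted in the post plus one unrelated entry.
SAMPLE_LOG = """\
[2007/12/28 12:56:54, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/12/28 12:56:55, 2] smbd/service.c:make_connection_snum(616)
  user 'DOMAIN#redwards' (from session setup) not permitted to access this share (FTP)
[2007/12/28 12:56:55, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
"""

# Header line: [timestamp, level] source_file:function(line)
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+?):(\w+)\((\d+)\)\s*$")
DENIED = re.compile(r"user '(?P<user>[^']*)' \(from session setup\) "
                    r"not permitted to access this share \((?P<share>[^)]*)\)")
STATUS = re.compile(r"\b(NT_STATUS_\w+)")

def parse_entries(text):
    """Group the log into entries: one header line plus its message lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts, level, _src, func, _lineno = m.groups()
            entries.append({"time": ts, "level": int(level), "func": func, "msg": []})
        elif entries and line.strip():
            entries[-1]["msg"].append(line.strip())
    return entries

def share_denials(text):
    """Return share denials; status comes from the immediately following error packet."""
    out, pending = [], None
    for e in parse_entries(text):
        msg = " ".join(e["msg"])
        hit = DENIED.search(msg)
        if hit:
            pending = {"time": e["time"], **hit.groupdict(), "status": None}
            out.append(pending)
            continue
        if pending and e["func"] == "error_packet_set":
            st = STATUS.search(msg)
            pending["status"] = st.group(1) if st else None
        pending = None  # only the entry right after a denial is considered
    return out

def denials_by_user_share(text):
    """Count denials per (user, share) pair to spot repeated failures."""
    return Counter((d["user"], d["share"]) for d in share_denials(text))
```

The user string is reported exactly as smbd logged it, including the configured winbind separator, so it can be compared character for character with the names in the share definition.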