I've been using Samba for about 7 years of so, but have hit a hurdle I
just can't seem to figure out.
I want to setup samba domain member servers to be members of a samba
3.0.25 (NT4 type) domain. No windbind, LDAP, or any other of the more
complex authentication mechanism. This is the same functionality going
way back to Samba 2.2, or so. In fact, I successfully did this on samba
2.2, but simply can't get it to work on samba 3. I've been hammering
away for two days and
I'm running Centos 4.5 (RHEL 4.5) host OSs with Samba 3.0.35b-1 RH rpms.
Both machines are fairly high end Core 2 Duo machines with plenty of
memory and hard drive space.
I've tried to widdle the smb.conf files to their bare essentials just
until I get this working.
Samba Domain Client (smb.conf):
[global]
workgroup = testnet
netbios name = client
security = domain
wins server = 90.0.0.25
log level = 10
encrypt passwords = yes
Samba PDC (smb.conf):
[global]
workgroup = testnet
netbios name = nameserver
passdb backend = smbpasswd:/etc/samba/smbpasswd
security = user
os level = 35
preferred master = Yes
domain master = Yes
encrypt passwords = Yes
domain logons = yes
[Note: IP of PDC is 90.0.0.25]
I am able to join the Samba Domain Client to the Samba domain, Testnet,
and can see that the machine account was successfully created on the PDC.
When I attempt to access a share on the Domain Client from the PDC using
a domain user, here is what I get:
[EMAIL PROTECTED] samba]# smbclient //client/public -U greg
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
Running the log level up to 10, it appears that the domain client is
being authenticated by the PDC as a domain member:
[2008/03/27 17:35:35, 10] libsmb/credentials.c:creds_client_check(327)
creds_client_check: credentials check OK.
[2008/03/27 17:35:35, 5]
rpc_client/cli_netlogon.c:rpccli_netlogon_setup_creds(346)
rpccli_netlogon_setup_creds: server NAMESERVER credential chain
established.
However, the Domain Client (Client) can't seem to authenticate the
domain user (greg) from the PDC. I know this user account is a valid
Samba account as I can's run smbclient activities on the PDC itself
using this account. Following is the portion of the log level 10 output
where the Domain Client seems to be looking for domain user on the PDC,
but can't find it:
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user TESTNET\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(75)
Trying _Get_Pwnam(), username as lowercase is testnet\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(83)
Trying _Get_Pwnam(), username as given is TESTNET\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(93)
Trying _Get_Pwnam(), username as uppercase is TESTNET\GREG
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(102)
Checking combinations of 0 uppercase letters in testnet\greg
[2008/03/27 17:35:35, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals didn't find user [TESTNET\greg]!
The only thing that works for me is to create the domain user account on
the domain client that mirrors what is on the PDC, which is basically
USER level authentication.
Any suggestions would be GREATLY appreciated.
Thank you.
Greg
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
