HPE Community
Operating System - HP-UX
1820879 Members
5207 Online
109628 Solutions
New Discussion юеВ

samba don't use DC to authenticate users

 
Mauro Gatti
Valued Contributor

тАО07-27-2005 11:38 PM

тАО07-27-2005 11:38 PM

samba don't use DC to authenticate users

Hi all,
I'm trying to use samba server as domain member. I would like it uses windows 2003 DC to authenticate users but I'm not able to do this.

If any user try to connect to samba server I got this error (log.smbd):

[Thu Jul 28 13:21:55 2005
, 2] smbd/server.c:open_sockets_smbd(329)
waiting for a connection
[Thu Jul 28 13:24:48 2005
, 0] smbd/server.c:open_sockets_smbd(387)
[Thu Jul 28 13:24:48 2005
, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
open_sockets_smbd: accept: No buffer space available
[Thu Jul 28 13:24:48 2005
, 2] smbd/sesssetup.c:setup_new_vc_session(608)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[Thu Jul 28 13:24:48 2005
, 0] auth/auth_util.c:make_server_info_info3(1195)
make_server_info_info3: pdb_init_sam failed!
[Thu Jul 28 13:24:48 2005
, 2] auth/auth.c:check_ntlm_password(310)
check_ntlm_password: Authentication for user [scima] -> [scima] FAILED with error NT_STATUS_NO_SUCH_USER
[Thu Jul 28 13:24:48 2005
, 2] smbd/server.c:exit_server(609)
Closing connections

If I use an user who is present in smbpasswd file allthings seem to work fine.
This is my [global] section of smb.conf


# more ../lib/smb.conf
[global]
interfaces = lan0 lo0
netbios name = s2dp1
server string = Samba %v on %L
workgroup = mydomain
realm = mydomain.italy
security = domain
password server = dc1 dc2 dc3 dc4
encrypt passwords = yes
log level = 2
max log size = 1000
passdb backend = smbpasswd
guest account = smbnull
wins server = x.x.x.x
show add printer wizard = No
preferred master = No
local master = No
domain master = No
winbind uid = 10000-20000
winbind gid = 10000-20000
client schannel = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = users
winbind enum users = No
winbind enum groups = No

Can you help me?

Thank You
Ubi maior, minor cessat!
0 Kudos
Reply
4 REPLIES 4
Martin Brachtl
Advisor

тАО07-28-2005 12:39 AM

тАО07-28-2005 12:39 AM

Re: samba don't use DC to authenticate users

It is necessary to join the domain first. In other words, the machine should have special user account on the DC. After you join the domain, the authentization request will be accepted by DC.

Consult the manpages how to do this.
It will be necessary to pass the Administrator password of the DC.
0 Kudos
Reply
Mauro Gatti
Valued Contributor

тАО07-28-2005 12:48 AM

тАО07-28-2005 12:48 AM

Re: samba don't use DC to authenticate users

I did a net join command with successfull
wbinfo read group ad domain users from dc
Ubi maior, minor cessat!
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО07-28-2005 01:32 AM

тАО07-28-2005 01:32 AM

Re: samba don't use DC to authenticate users

What version of samba? doesn't look like HP's....as smb.conf should be in /etc/opt/samba

I see you are using winbind - is it running?

Also set a separator:

winbind separator = +

As well as valid users:

valid users = mydomain+user1, mydomain+user2, mydomain+user3, etc


Do you have winbind in:

# cat /etc/nsswitch.conf
#
# /etc/nsswitch.files:
#
# @(#)B.11.11_LR
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any name services.
#
passwd: files winbind
group: files winbind


Is this how you joined?

/opt/samba/bin/net rpc join -U administrator

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Mauro Gatti
Valued Contributor

тАО07-28-2005 10:56 PM

тАО07-28-2005 10:56 PM

Re: samba don't use DC to authenticate users

Geoff, i installed samba 3.0.14a downloaded directly from samba.org.

Only one thing I have to ask you...
If I modify nsswtich adding winbind (which is running) I suppose I will have login problems (I have trusted system).
Pheraps I can solve them setting correctly pam... Is it correct?

Thank You
Ubi maior, minor cessat!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.