winbindd from samba in SuSE 8.2
Does this work for somebody? At least a confirmation that it does is what I need to keep trying. I was using winbindd from a samba 3.0 beta I compiled, and winbindd was working fine until the disk crashed. Now, I want to use winbindd from SuSE's samba packages, but I can't seem to be able to make it work again. So: 1. nmb smb and windbind are running 2. I have this in /etc/nsswitch.conf passwd: compat winbind group: compat winbind 3. this in /etc/pam.d/samba #%PAM-1.0 auth required pam_winbind.so account required pam_winbind.so The users need to access the server only with samba 4. this in /etc/samba/smb.conf security = domain winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 template homedir = /home/%U 5. The computer was joined to the domain with smbpasswd -j WIN Yet, when I try to access a share on this computer, the username is mapped to "nobody". What am I missing? Thanks.
Silviu Marin-Caea wrote:
Yet, when I try to access a share on this computer, the username is mapped to "nobody".
With the RIGHT password: smbclient //silviu/public -U deleteme%a added interface ip=192.168.1.87 bcast=192.168.1.255 nmask=255.255.255.0 Domain=[WIN] OS=[Unix] Server=[Samba 2.2.8a-SuSE] tree connect failed: NT_STATUS_WRONG_PASSWORD With the WRONG password smbclient //silviu/public -U deleteme%ad added interface ip=192.168.1.87 bcast=192.168.1.255 nmask=255.255.255.0 session setup failed: NT_STATUS_LOGON_FAILURE Notice the different NT_STATUS error. That leads me to believe that the dialogue between the winbindd and the w2k DC works, at least partially. Below is the log on the samba server, when accessed with the RIGHT username and password (the user exists on the W2k that is the Domain Controller). I don't understand for the world why the username is mapped to nobody, when it should get an UID in the 10000-20000 range. wbinfo -u does list the domain users cat /var/log/samba/log.smbd [2003/09/10 14:38:42, 3] smbd/oplock.c:init_oplocks(1214) open_oplock_ipc: opening loopback UDP socket. [2003/09/10 14:38:42, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 0 [2003/09/10 14:38:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(298) Linux kernel oplocks enabled [2003/09/10 14:38:42, 3] smbd/oplock.c:init_oplocks(1245) open_oplock ipc: pid = 31751, global_oplock_port = 33978 [2003/09/10 14:38:43, 3] smbd/process.c:process_smb(846) Transaction 0 of length 72 [2003/09/10 14:38:43, 2] smbd/reply.c:reply_special(92) netbios connect: name1=SILVIU name2=SILVIU [2003/09/10 14:38:43, 2] smbd/reply.c:reply_special(111) netbios connect: local=silviu remote=silviu [2003/09/10 14:38:43, 3] smbd/process.c:process_smb(846) Transaction 1 of length 168 [2003/09/10 14:38:43, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 31751) [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [MICROSOFT NETWORKS 1.03] [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [MICROSOFT NETWORKS 3.0] [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN1.0] [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LM1.2X002] [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [Samba] [2003/09/10 14:38:43, 3] smbd/negprot.c:reply_negprot(426) Selected protocol NT LANMAN 1.0 [2003/09/10 14:38:43, 3] smbd/process.c:process_smb(846) Transaction 2 of length 137 [2003/09/10 14:38:43, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 31751) [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/10 14:38:43, 3] smbd/reply.c:reply_sesssetup_and_X(880) Domain=[WIN] NativeOS=[Unix] NativeLanMan=[Samba] [2003/09/10 14:38:43, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[DELETEME] [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_lmhosts(769) resolve_lmhosts: Attempting lmhosts lookup for name WIN<0x1b> [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_wins(710) resolve_wins: Attempting wins lookup for name WIN<0x1b> [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_wins(728) resolve_wins: WINS server == <192.168.1.61> [2003/09/10 14:38:43, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 0 [2003/09/10 14:38:43, 2] libsmb/namequery.c:name_query(421) Got a positive name query response from 192.168.1.61 ( 192.168.1.61 ) [2003/09/10 14:38:43, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 0 [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_lmhosts(769) resolve_lmhosts: Attempting lmhosts lookup for name GENESYSDC<0x20> [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_hosts(809) resolve_hosts: Attempting host lookup for name GENESYSDC<0x20> [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_wins(710) resolve_wins: Attempting wins lookup for name GENESYSDC<0x20> [2003/09/10 14:38:43, 3] libsmb/namequery.c:resolve_wins(728) resolve_wins: WINS server == <192.168.1.61> [2003/09/10 14:38:43, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 0 [2003/09/10 14:38:43, 2] libsmb/namequery.c:name_query(421) Got a positive name query response from 192.168.1.61 ( 192.168.1.61 ) [2003/09/10 14:38:43, 3] lib/util_sock.c:open_socket_out(845) Connecting to 192.168.1.61 at port 445 [2003/09/10 14:38:43, 3] smbd/reply.c:smb_create_user(543) smb_create_user: Running the command `echo deleteme >> /root/whatuser' gave 0 [2003/09/10 14:38:43, 3] smbd/reply.c:reply_sesssetup_and_X(1070) No such user deleteme [WIN] - using guest account [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/09/10 14:38:43, 3] smbd/uid.c:push_conn_ctx(286) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 2 groups: 65533, 65534 [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 2 groups: 65533, 65534 [2003/09/10 14:38:43, 3] smbd/uid.c:fetch_sid_from_gid_cache(670) fetch sid from gid cache 10000 -> S-1-5-21-1078081533-1343024091-839522115-513 [2003/09/10 14:38:43, 3] smbd/password.c:register_vuid(336) uid 65534 registered to name nobody [2003/09/10 14:38:43, 3] smbd/password.c:register_vuid(338) Clearing default real name [2003/09/10 14:38:43, 3] smbd/password.c:register_vuid(340) User name: nobody Real name: nobody [2003/09/10 14:38:43, 3] smbd/process.c:process_smb(846) Transaction 3 of length 70 [2003/09/10 14:38:43, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 31751) [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/10 14:38:43, 2] smbd/service.c:make_connection(331) Invalid username/password for public [nobody] [2003/09/10 14:38:43, 3] smbd/error.c:error_packet(113) error packet at smbd/reply.c(166) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD [2003/09/10 14:38:43, 3] smbd/process.c:timeout_processing(1066) end of file from client [2003/09/10 14:38:43, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/10 14:38:43, 2] smbd/server.c:exit_server(511) Closing connections [2003/09/10 14:38:43, 3] smbd/connection.c:yield_connection(48) Yielding connection to [2003/09/10 14:38:43, 3] smbd/server.c:exit_server(545) Server exit (normal exit)
Silviu Marin-Caea wrote:
Yet, when I try to access a share on this computer, the username is mapped to "nobody".
/etc/init.d/nscd stop chkconfig --del nscd DAMN!! ARRRGHHHH! It has costed me two days. It's finally working with SuSE's samba 2.2.8a. I think that /etc/init.d/winbind should check if nscd is running and refuse to start or something. Alan Civita, do you still need some help with winbind?
participants (1)
-
Silviu Marin-Caea