Greetings, I'm new to Samba and I'm wondering where I went wrong....
My setup: Two FreeBSD 5.1 machines Samba 3.0.1r2 from ports collection One tdbsam domain controller and one member server - domcon and memsrv My problem: I've been working on this for a few days and still scratching my head. I can view the base directory of the member server (only as root). But when I try to access folder shares on the member server as a non-root user, the WinXP pro client continually asks for login and password. XP is joined to the domain and I can browse and interact with the folder shares on the DC perfectly fine. I managed to crash the xp pro desktop an hour ago at the remote location so now I'm using smbclient on both the DC and member server to try and connect to the shared folders. >From either machines, smbclient will access the shares on the DC fine but gives "session setup failed: NT_STATUS_LOGON_FAILURE" when trying to access shares on the member server. Log.smbd on the member server reports error while log.smbd on the domain controller reports success. Wbinfo -u, -g and -t on the member server produce the correct results as noted in the official reference guide. Nsswitch.conf is setup by the book from the Fast Start chapter and I assume that the fact that I can at least browse to it means it's working. Log.smbd on the memberserver indicates a "no such user" failure while the corresponding logs in the domain controller show success. Log.winbind on the member looks like it is good too. Following, I've put up smb.conf, an smbclient session for a user "neil" who exists on the DC in the ntadmins group which is mapped to Domain Admins. I've also included log.smbd from both DC and MS and log.winbind from the member server. (I assume winbind is not necessary on the DC as it's not being used to querry another DC. Thanks in advance, Bill Ing The SMB.CONF file on the member server with just a test directory: ************************ [global] workgroup = DOM netbios name = MEMSRV security = DOMAIN encrypt passwords = yes password server = DOMCON idmap uid = 10000-15000 idmap gid = 10000-15000 winbind separator = '\' winbind use default domain = Yes winbind enum users = yes winbind enum groups = yes disable spoolss = Yes use sendfile = No log level = 2 passdb:2 auth:2 winbind:2 [test] path = /share/test valid users = @ntadmins ************************* The error messages and logs: PROMPT: memsrv# smbclient //memsrv/test -U neil Password: session setup failed: NT_STATUS_LOGON_FAILURE MEMSRV log.smbd: [2004/02/21 03:32:27, 10] nsswitch/wb_client.c:winbind_create_user(390) winbind_create_user: neil [2004/02/21 03:32:27, 0] auth/auth_util.c:make_server_info_info3(1080) make_server_info_info3: pdb_init_sam failed! [2004/02/21 03:32:27, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [neil] -> [neil] FAILED with error NT_STATUS_NO_SUCH_USER [2004/02/21 03:32:27, 2] smbd/server.c:exit_server(558) Closing connections MEMSRV log.winbind: [2004/02/21 04:04:13, 6] nsswitch/winbindd.c:new_connection(342) accepted socket 20 [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 1568 bytes. Need 0 more for a full request. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307) process_request: request fn INTERFACE_VERSION [2004/02/21 04:04:13, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(232) [ 1130]: request interface version [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 1300 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 1568 bytes. Need 0 more for a full request. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2004/02/21 04:04:13, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(268) [ 1130]: request location of privileged pipe [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 1300 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(556) client_write: need to write 30 extra data bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 30 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(545) client_write: client_write: complete response written. [2004/02/21 04:04:13, 6] nsswitch/winbindd.c:new_connection(342) accepted socket 21 [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 0 bytes. Need 1568 more for a full request. [2004/02/21 04:04:13, 5] nsswitch/winbindd.c:winbind_client_read(464) read failed on sock 20, pid 1130: EOF [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 1568 bytes. Need 0 more for a full request. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307) process_request: request fn PING [2004/02/21 04:04:13, 3] nsswitch/winbindd_misc.c:winbindd_ping(209) [ 1130]: ping [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 1300 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 1568 bytes. Need 0 more for a full request. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307) process_request: request fn AUTH_CRAP [2004/02/21 04:04:13, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(275) [ 1130]: pam auth crap domain: YACIL user: neil [2004/02/21 04:04:13, 5] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(398) NTLM CRAP authentication for user [DOM]\[neil] returned NT_STATUS_OK (PAM: 0) [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 1300 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(556) client_write: need to write 1024 extra data bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 1024 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(545) client_write: client_write: complete response written. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 1568 bytes. Need 0 more for a full request. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:process_request(307) process_request: request fn CREATE_USER [2004/02/21 04:04:13, 3] nsswitch/winbindd_acct.c:winbindd_create_user(876) [ 1130]: create_user: user=>(neil), group=>() [2004/02/21 04:04:13, 5] nsswitch/winbindd_acct.c:wb_getgrnam(522) wb_getgrnam: Did not find group (nobody) [2004/02/21 04:04:13, 10] nsswitch/winbindd_acct.c:passwd2string(158) passwd2string: converting passwd struct for neil [2004/02/21 04:04:13, 10] nsswitch/winbindd_acct.c:wb_storepwnam(487) wb_storepwnam: Success -> "neil:x:15169:65534:neil:/home/MEMSRV/neil:/bin/false" [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:client_write(511) client_write: wrote 1300 bytes. [2004/02/21 04:04:13, 10] nsswitch/winbindd.c:winbind_client_read(457) client_read: read 0 bytes. Need 1568 more for a full request. [2004/02/21 04:04:13, 5] nsswitch/winbindd.c:winbind_client_read(464) read failed on sock 21, pid 1130: EOF DOMCON log.smbd: [2004/02/21 03:32:11, 3] smbd/process.c:process_smb(890) Transaction 38 of length 446 [2004/02/21 03:32:11, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 759) [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 3] smbd/ipc.c:reply_trans(538) trans <\PIPE\> data=360 params=0 setup=2 [2004/02/21 03:32:11, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2004/02/21 03:32:11, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "NETLOGON" (pnum 7721)free_pipe_context: destroying talloc pool of size 0 [2004/02/21 03:32:11, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: NET_SAMLOGON [2004/02/21 03:32:11, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(577) SAM Logon (Network). Domain:[DOM]. User:[EMAIL PROTECTED] Requested Domain:[DOM] [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/02/21 03:32:11, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/02/21 03:32:11, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/02/21 03:32:11, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 1001 -> S-1-5-21-3648978000-1548753113-311820641-512 [2004/02/21 03:32:11, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 1001 -> S-1-5-21-3648978000-1548753113-311820641-512 [2004/02/21 03:32:11, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) fetch sid from gid cache 1011 -> S-1-5-21-3648978000-1548753113-311820641-3023 [2004/02/21 03:32:11, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [neil] succeeded [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/02/21 03:32:11, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/02/21 03:32:11, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/02/21 03:32:11, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [neil] -> [neil] -> [neil] succeeded [2004/02/21 03:32:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 4856 [2004/02/21 03:32:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/02/21 03:32:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
