1) "winbind separator" is spelled wrong in your smb.conf file. 2) Can you post a snip of the server config section of smb.conf (e.g. not the share section)?
3) Did you configure /etc/krb5.conf and run kinit? Does klist give you any values? On Tue, 27 Jul 2004 13:59:55 -0500, Chris Goff <[EMAIL PROTECTED]> wrote: > I'm having a *terrible* time trying to get Samba 3 to communicate with my > Windows 2003 Active Directory Server (the primary and only domain on my > network). Basically this is what I'm trying to do: create a Linux File > Server to replace my old WinNT 4 File Server. I would like it to show up > under all my XP clients on network neighborhood just like the old server, > with each account on my network having a folder on the file server that > they can work with i.e. > > John Doe (jdoe account name on the Windows 2003 domain) has a folder on > "Hobbes" (the Linux File Server running Samba 3) named "jdoe" that only he > and anyone in the Administrators group can access. This is how I had it > setup with the old WinNT 4 file server. > > Obviously I'm not looking for anything fancy, just some decent security by > using the same users/groups between the file server and the domain server, > and some folder shares for each account. > > I've done some research on the web, read the Samba HOWTO, the Unofficial > HOWTO, and a paper on this website: > http://www.wlug.org.nz/ActiveDirectorySamba > > I'm running a Slackware 10 operating system, removed the original Samba > 3.0.4 (wasn't compiled with several required options) package and compiled > Samba 3.0.5 with the correct options (after installing numerous other > libraries such as PAM and OpenLDP). > > I've primarily been trying to follow the tutorial posed here: > http://www.wlug.org.nz/ActiveDirectorySamba. I have run into things that > simply don't exist on my system, such as /etc/pam.d/samba, etc. shown as > steps in that tutorial. I am able to see the system in my Active Directory > on the Win2k3 machine, and I can access shares if I go in manually (shares > that I have set up with SWAT) on my WinXP clients using \\Hobbes > (presented with login/pass prompt). However, it does not show up as an > icon under Network Places, and is shown as a Domain Controller under the > Active Directory. > > Here's a copy of my log.winbindd: > > Last login: Mon Jul 26 16:07:11 2004 from 10.0.0.3 > Linux 2.4.26. > [EMAIL PROTECTED]:/usr/local/samba/var# more log.winbindd > [2004/07/27 09:13:23, 1] nsswitch/winbindd.c:main(843) > winbindd version 3.0.5 started. > Copyright The Samba Team 2000-2004 > [2004/07/27 09:13:23, 0] param/loadparm.c:map_parameter(2420) > Unknown parameter encountered: "winbind seperator" > [2004/07/27 09:13:23, 0] param/loadparm.c:lp_do_parameter(3110) > Ignoring unknown parameter "winbind seperator" > [2004/07/27 09:13:23, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain NLES NLES.LOCAL S-0-0 > [2004/07/27 09:13:30, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) > ads_connect for domain NLES failed: No such file or directory > [2004/07/27 09:13:30, 1] nsswitch/winbindd_util.c:init_domain_list(327) > Could not fetch sid for our domain NLES > [2004/07/27 09:14:20, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) > ads_connect for domain NLES failed: Transport endpoint is not connected > [2004/07/27 10:41:26, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) > ads_connect for domain NLES failed: Transport endpoint is not connected > [2004/07/27 11:00:02, 1] nsswitch/winbindd.c:main(843) > winbindd version 3.0.5 started. > Copyright The Samba Team 2000-2004 > [2004/07/27 11:00:02, 0] lib/pidfile.c:pidfile_create(84) > ERROR: winbindd is already running. File > /usr/local/samba/var/locks/winbindd.p > id exists and process id 18315 is running. > [2004/07/27 11:01:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) > ads_connect for domain NLES failed: No such file or directory > [2004/07/27 11:06:18, 1] nsswitch/winbindd.c:main(843) > winbindd version 3.0.5 started. > Copyright The Samba Team 2000-2004 > [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain NLES NLES.LOCAL S-0-0 > [2004/07/27 11:06:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) > krb5_cc_get_principal failed (No credentials cache found) > [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain BUILTIN S-1-5-32 > [2004/07/27 11:06:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) > Added domain HOBBES S-1-5-21-1198646081-1480357316-948041017 > [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884) > winbindd_create_user: Refusing to create user that already exists > (Administrat > or) > [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884) > winbindd_create_user: Refusing to create user that already exists > (Administrat > or) > [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884) > winbindd_create_user: Refusing to create user that already exists > (Administrat > or) > [2004/07/27 11:19:55, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884) > winbindd_create_user: Refusing to create user that already exists > (Administrat > or) > [EMAIL PROTECTED]:/usr/local/samba/var# > > So basically, does anyone have some steps they went through to get a basic > samba 3 file server running on their 2003 ADS network? > > Also, I'd *really* like to be able to use ACL to control folder > permissions from WinXX clients rather than fudging with unix permissions. > Does ReiserFS support ACL, or do I need to use another file system? > > Samba n00b, frusterated but hanging in there... > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
