I want to set up a Samba Server (Cactus_3) as a member server in our NT4 domain (PDC is Cactus_1, BDC is Cactus_2). We have about 50 client workstations, most of which are WinXP, but we have a few Win2K and Win98 machines. Shortly we will migrate off the NT4 servers but in the meantime we wish to test some real time scenarios. It is for this reason that I want SSO so the tests are transparent to the users. I don't want to replicate 40 users into the unix environment. I followed the setup in Chapter 2 of the HOWTO Collection for a Domain Member server.

I am using Samba 3.07 on Suse 9.1. My smb.conf file follows the signature line as well as nsswitch.conf file.

I have reread chapters 3, 6, & 9 from the HOW-TO Collection. I have read through the archives for October & September and googled the user group, but I am still not finding what I am missing. Here is an outline of what's happening.

1) "linux~# net rpc join -U<domainadmin>%<password>" works, at least it responds with 'Joined domain DOMAIN'.

2) "linux~# wbinfo --set-auth-user=,<domainadmin>%<password>" appears to succeed.

3) "linux~# wbinfo -u" succeeds in giving a list of all domain users (same for groups with -g flag) however it shows "domainuser" only and not "DOMAIN+domainuser" as indicated in the chapter text.

4) "linux~# getent passwd <domainuser>" succeeds.

5) "linux~# chown <domainuser> /export/a_file" appears to succeed however a listing of "/export/a_file" shows owner remaining as 'root'.

6) "linux~# net rpc trustdom list" fails with the message:
linux:~ # net rpc trustdom list
Password:
Could not connect to server CACTUS_1
The username or password was not correct.
[2004/10/06 16:31:06, 0] utils/net_rpc.c:rpc_trustdom_list(3030)
 Couldn't connect to domain controller
linux:~ #

7) Other 'net rpc' commands fail as illustrated:
linux:~ # net rpc samdump
[2004/10/06 16:36:41, 0] utils/net_rpc_samsync.c:rpc_samdump_internals(216)
Could not fetch trust account password
linux:~ # net rpc getsid
Storing SID S-1-5-21-1930001043-1750228388-9522986 for Domain DOMAIN in secrets.tdb
linux:~ # net rpc vampire
Could not retrieve domain trust secret


8) From Windows Explorer on a Windows PC workstation I see the Samba server (Cactus_3) and I see shares (ACCTMATE, DOCUMENTS, PICTURES, Printer LexMark T522) but I get 'Permission Denied' when attempting to access. Mapping through "net use k: \\cactus_3\documents" succeeds but access is still denied. A directory listing from the command window responds as "File not found."

Please be so kind as to point out what I am missing. Thank you for your kind help.

Dennis A. Johnson
Controller
K.M.B., Inc.
Phoenix, Arizona, USA

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
smb.conf
#~ Configuration for Samba Server (Cactus_3) to be a member server on NT4 domain DOMAIN
#~ Shares should be accessible to every authenticated user on DOMAIN.
#~ PDC is Cactus_1 (192.168.0.70) is also WINS server
#~ BDC is Cactus_2 (192.168.0.252) is also DHCP server
#~ Network is 192.168.0.0/24
#~ revisions 1.0 10/06/2004 1:00PM
#
#
[global]
workgroup = domain
server string = Samba Server
netbios name = Cactus_3
security = domain
password server = CACTUS_1 CACTUS_2
wins server = 192.168.0.70
winbind separator = +
winbind use default domain = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 15
winbind enum users = yes
winbind enum groups = yes
idmap uid = 15000-20000
idmap gid = 15000-20000
use sendfile = yes
interfaces = 127.0.0.1 eth0
hosts allow = 192.168.0. 127.
bind interfaces only = true
local master = no
printing = cups
printcap name = cups
printer admin = @ntadmin, root, administrator
disable spoolss = yes
map to guest = Bad User
encrypt passwords = yes
passdb backend = smbpasswd
# SO_RCVBUF=8192 SO_SNDBUF=8192
# socket options = TCP_NODELAY


# add machine script =
# domain master = false
# domain logons = yes
# local master = no
# preferred master = auto
# ldap suffix = dc=example,dc=com
[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = no
guest ok = no
printable = no


[ACCTMATE]
  comment = Accounting Application Only
  path = /export/ACCTMATE
  writeable = yes
  inherit permissions = yes
#   veto files = /aquota.user/groups/shares/
  browseable = yes
  guest ok = no
  printable = no

[Documents]
  comment = Public Documents
  path = /export/Documents
  writeable = yes
  inherit permissions = yes
  browseable = yes
  guest ok = no
#  printable = yes

[Pictures]
  comment = Public Pictures
  path = /export/Pictures
  read only = no
  writeable = yes
#  printable = yes
  browseable = yes
  inherit permissions = yes
  guest ok = no

[printers]
  comment = All Printers
  path = /var/spool/samba
  printer admin = root, itadminkmb, dennis
  printable = yes
  create mask = 0600
  browseable = no
  guest ok = no
[print$]
  comment = Printer Drivers
  path = /var/lib/samba/drivers
  write list = @ntadmin root
  force group = ntadmin
  create mask = 0664
  directory mask = 0775
  browseable = yes
  guest ok = no
  printable = no

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nsswitch.conf
#
# /etc/nsswitch.conf
#

passwd: files winbind
# shadow: files nis
group:  files winbind
hosts:  files dns winbind

# passwd:    compat
# group:    compat

# hosts:    files dns
#networks:    files dns

services:    files
protocols:    files
rpc:    files
ethers:    files
netmasks:    files
netgroup:    files
publickey:    files

bootparams:    files
automount:    files nis
aliases:    files
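
An added example, not part of the original post or of Samba: a small Python check that flags smb.conf parameters set more than once in the same section, under different names, with different values. The alias table follows smb.conf(5) for Samba 3.0, where `winbind uid`/`winbind gid` are synonyms for `idmap uid`/`idmap gid` and `writeable` is the inverse of `read only`; the sample input is an excerpt of the configuration posted above, and the function names are hypothetical.

```python
import re

# alias -> (canonical parameter, boolean sense inverted?), per smb.conf(5), Samba 3.0
ALIASES = {
    "winbind uid": ("idmap uid", False),
    "winbind gid": ("idmap gid", False),
    "writeable": ("read only", True),
}
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def canonical(name, value):
    """Map a parameter to its canonical name, inverting booleans where needed."""
    name = " ".join(name.lower().split())
    value = value.strip()
    target, inverted = ALIASES.get(name, (name, False))
    if inverted and value.lower() in YES | NO:
        value = "no" if value.lower() in YES else "yes"
    return target, value

def find_conflicts(text):
    """Return (section, parameter, [(name as written, value), ...]) for every
    parameter that one section sets more than once with differing values."""
    section, seen = "global", {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                # section header
            section = m.group(1).strip().lower()
            continue
        if "=" in line:
            name, value = line.split("=", 1)
            param, norm = canonical(name, value)
            seen.setdefault((section, param), []).append((name.strip(), norm))
    return [(s, p, v) for (s, p), v in seen.items() if len({x[1] for x in v}) > 1]

# Excerpt of the smb.conf posted above
SAMPLE = """\
[global]
winbind uid = 10000-20000
winbind gid = 10000-20000
idmap uid = 15000-20000
idmap gid = 15000-20000
[Pictures]
read only = no
writeable = yes
"""
if __name__ == "__main__":
    for section, param, settings in find_conflicts(SAMPLE):
        print(f"[{section}] {param} is set inconsistently: {settings}")
```

Run over the excerpt, it reports the uid and gid mapping ranges as each defined twice with different values, and treats the `read only`/`writeable` pair in [Pictures] as consistent.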