Any reason why you don't use security=ads and kerberos so that you
get single sign on for shares with your AD users?
This way they don't need to supply user/pass to samba shares as samba
kan handles the kerberos tickets issued when they logged on to the
win box.
cheers
6 nov 2006 kl. 21:59 skrev Brad Isbell:
Any help would be very much appreciated.
My Configuration-
Solaris 8 - hostname = vail
Samba 3.0.10 (downloaded from sunfreeware.com)
As per the instructions on sunfreeware, I have also installed the
following packages-
libgcc-3.3
libiconv-1.9.2
libintl-3.4.0
ncurses-5.4
popt 1.7
readline 5.1
Also on my network-
A Windows 2003 ES domain controller: hostname = SEEDS1 domain = SEEDS
A Windows 2003 ES system: hostname = SEEDS2 member of domain SEEDS
Objective:
All I want is for my users on the windows hosts to be able to
access shared resources from the samba server. I want all
authentication to go through the DC, I do not want to have to
maintain a local smbpasswd file.
Problem:
When I put a directory search path of \\vail\Samba into the Windows
system it prompts for a username and password. When I put in the
username and password of a domain account I do not get access to
the share. I can log into a windows system with the domain
information, so I know it's not a problem with the domain
configuration.
smb configuration from log.smbd:
Processing section "[global]"
doing parameter workgroup = SEEDS
doing parameter server string = Samba Server
doing parameter security = domain
doing parameter encrypt passwords = yes
doing parameter load printers = yes
doing parameter log file = /usr/local/samba/var/log.%m
doing parameter max log size = 50
doing parameter socket options = TCP_NODELAY
doing parameter dns proxy = no
[2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
Processing section "[homes]"
doing parameter comment = Home Directories
doing parameter browseable = no
doing parameter writable = yes
[2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
Processing section "[SAMBA]"
doing parameter comment = Samba Packages
doing parameter path = /export/Samba
doing parameter public = yes
doing parameter writeable = no
[2006/11/06 14:26:12, 2] param/loadparm.c:do_section(3412)
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /usr/spool/samba
doing parameter browseable = no
doing parameter guest ok = no
doing parameter writable = no
doing parameter printable = yes
Tests on Samba server.
These tests show that the Samba server does have access to the domain.
Test 1 : use wbinfo to authenticate user account - SUCCESS
# wbinfo -a bisbell%PASSWORD
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user bisbell%PASSWORD with plaintext password
challenge/response password authentication succeeded
Test 2: Use wbinfo to show that domain info is accessable - SUCCESS
# wbinfo -u
SEEDS\Administrator
SEEDS\bisbell
SEEDS\cowens
SEEDS\Guest
SEEDS\krbtgt
# wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users
SEEDS\Domain Admins
SEEDS\Domain Users
SEEDS\Domain Guests
SEEDS\Domain Computers
SEEDS\Domain Controllers
SEEDS\Schema Admins
SEEDS\Enterprise Admins
SEEDS\Group Policy Creator Owners
SEEDS\DnsUpdateProxy
Possible Related Problems-
The smbclient command does not work.
# smbclient -U bisbell //vail/Samba
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
smbtree produces no output
# smbtree
password:
#
Any ideas on what I'm doing wrong?
Thanks,
Brad
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
