I'm not sure if this thread is making it on the list as I'm the only one
responding, but, here goes...
The more I look, the more the problem appears to be UID range conflicts.
Some background: this machine was originally built with Samba 2.x, but
was upgraded a while back to 3.x (now 3.0.23d). I think I might be using
some deprecated configuration parameters. In the smb.conf file I have:
    winbind uid = 10000-20000
    winbind gid = 10000-20000
Which, unfortunately, seems to fall within the same range as the UID
range that portage (the gentoo package manager) uses to build
application user accounts (e.g., apache, stunnel, etc). I have attempted
to alter the range:
    winbind uid = 15000-20000
    winbind gid = 15000-20000
But it causes major issues, like, not being able to log in using a
domain account. I'm not sure how to fix this.
I also found a thread in the gentoo wiki that states that winbind [ug]id
is deprecated and idmap [ug]id should be used instead. I also have
noticed a lot of information regarding Samba 3.x and LDAP, but very
little regarding Samba 3.x and winbind. Is winbind still recommended for
an AD domain (w2k)?
Brian Atkins wrote:
I think I cleared up the username mismatch with a simple reboot of my
workstation. No clue why it was happening...
However, I am unable to connect to shares from a windows machine using a
username only. If I enter a groupname, it works:
    valid users = batkins (FAILS)
    valid users = @DOMAIN+"My Group" (SUCCEEDS)
I have compared this machine's config file to another machine with
working samba shares. The config files are nearly identical, save the
server string and netbios name.
Brian Atkins wrote:
OK, here's a strange twist:
[2006/12/08 17:45:17, 2] smbd/service.c:make_connection_snum(580)
  user 'ubackup' (from session setup) not permitted to access this share (batkins)
[2006/12/08 17:45:17, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
I'm logged in under my own user account (batkins), but it is trying to
authenticate me using the user account ubackup, both of which are AD
accounts.
Brian
"An adventure is never an adventure
when it's happening. Challenging
experiences need time to ferment,
and an adventure is simply physical
and emotional discomfort recollected
in tranquility." -- Tim Cahill
Brian Atkins wrote:
Curious. I have a gentoo server running 3.0.23d that simply serves
out shares. It is a domain member, but not a pdc. From another linux
server, I can mount up shares without a hitch. But from a windows
box, I keep getting prompted for credentials.
I am not seeing anything substantial in the logs.
SMB.CONF
--------
[global]
workgroup = UNICITY
realm = MYREALM.MYDOMAIN.COM
netbios name = SERVER
server string = SERVER
interfaces = 192.168.56.26 127.
bind interfaces only = yes
security = ADS
log file = /var/log/samba/log.%m
max log size = 8164
name resolve order = hosts wins bcast
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
os level = 5
preferred master = no
local master = no
domain master = no
dns proxy = no
wins proxy = no
wins server = 192.168.57.124
template shell = /bin/bash
unix extensions = no
winbind enum users = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
encrypt passwords = yes
hosts allow = 192.168. 127.
load printers = no
smb ports = 139
[myshare]
comment = My fileshare
path = /home/MYDOMAIN/myhome
invalid users = root
valid users = me
public = no
writable = yes
printable = no
create mask = 0777
directory mask = 0777
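
Added example, not part of the original thread and not Samba code: one way to check for the overlap discussed above is to compare the uid/gid ranges declared in smb.conf with the IDs already present in the local passwd and group files. The sample file contents are constructed and the function names are hypothetical.

```python
import re

# Constructed sample inputs for illustration; not taken from the poster's machine.
SAMPLE_SMB_CONF = """[global]
security = ADS
; winbind uid = 500-900   (commented out, must be ignored)
idmap uid = 10000-20000
idmap gid = 10000-20000
"""
SAMPLE_PASSWD = """apache:x:81:81:added by portage:/var/www:/sbin/nologin
stunnel:x:10001:10001:added by portage:/dev/null:/sbin/nologin
"""
SAMPLE_GROUP = """root:x:0:
stunnel:x:10001:
"""

RANGE_RE = re.compile(r"^\s*(?:idmap|winbind)\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(smb_conf_text):
    """Collect every uid/gid range declared as 'idmap [ug]id' or 'winbind [ug]id'."""
    ranges = {"uid": set(), "gid": set()}
    for line in smb_conf_text.splitlines():
        m = RANGE_RE.match(line)  # comment lines (';' or '#') never match
        if m:
            low, high = int(m.group(2)), int(m.group(3))
            ranges[m.group(1).lower()].add((low, high))
    return ranges

def local_ids_in_range(db_text, ranges):
    """Return (name, id) for passwd/group lines whose third field is inside a range."""
    hits = []
    for line in db_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            ident = int(fields[2])
            if any(low <= ident <= high for low, high in ranges):
                hits.append((fields[0], ident))
    return sorted(hits, key=lambda hit: hit[1])

def find_conflicts(smb_conf_text, passwd_text, group_text):
    """Local accounts and groups that sit inside the winbind allocation ranges."""
    ranges = idmap_ranges(smb_conf_text)
    return {"uid": local_ids_in_range(passwd_text, ranges["uid"]),
            "gid": local_ids_in_range(group_text, ranges["gid"])}

if __name__ == "__main__":
    for kind, hits in find_conflicts(SAMPLE_SMB_CONF, SAMPLE_PASSWD, SAMPLE_GROUP).items():
        for name, ident in hits:
            print(f"local {kind} {ident} ({name}) is inside the winbind range")
```

On a live server, pass in the contents of the server's smb.conf, /etc/passwd and /etc/group; reading the files directly keeps winbind-supplied entries out of the comparison, so only local accounts are checked.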