samba problem; member server can't authenticate

2006-09-03 Thread Henrik Hudson
Hey List-

I tried the Samba lists...but didn't get any tips there..so possibly a FreeBSD
issue? Dunno, anyways

I have a Samba PDC and a Samba Member Server.

The Samba PDC works fine, but the problem is that the Member Server can't
authenticate users and let me browse file shares and I always get the error:
NT_STATUS_NO_LOGON_SERVERS

The weird thing is that sometimes:  SMBCLIENT -L ECWTEST
will work and list my shares. However, the first time I actually try to
authenticate a user to browse a share the whole shebang stops and I get the
above error. I'm using Konqueror and smb://ecwtest/sharename to connect.

I don't need to make any PAM changes to allow just file / share authentication 
do I?

One thing, the member server is a new rebuild of a machine with the same name
and the PDC is an upgrade using the TDBs, etc. from backup. I did remove the
machine account from the PDC and then re-added it using net join and that
worked fine.

I ran through the tests at the back of the official book and all of them work
except the actual sharing and the nmblookup -d 2 '*' on the member server
and of course the smbclient specific ones.

wbinfo -u and wbinfo -g work on the member server and I can chown files to
users only in the PDC in the samba users file. I just can't authenticate.

The only error I'm seeing is in log.wb-ECW and it's:
[2006/09/03 12:54:12, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine ECWSERVER pipe \lsarpc fnum 0x70a8!
[2006/09/03 13:17:04, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine ECWSERVER pipe \NETLOGON fnum 0x7549!
[2006/09/03 13:38:05, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0
[2006/09/03 13:38:12, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine ECWSERVER pipe \lsarpc fnum 0x7104!



Here is my setup:

PDC: ECWSERVER ; FreeBSD 6-stable and samba-3.0.23b,1
member: ECWTEST ; FreeBSD 6-stable and samba-3.0.23b,1

Both servers are on the same network and have static IPs. I am able to ping,
etc. using the netbios names

My /etc/nsswitch.conf is the same on both:
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files

PDC smb.conf:
# Global parameters
[global]
workgroup = ECW
netbios name = ECWSERVER
passdb backend = tdbsam:/usr/local/etc/samba/private/passwd.tdb
os level = 65
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
wins support = yes
#server string = Samba %v on %L
server string =
security = USER
encrypt passwords = yes 
disable spoolss = Yes
guest ok = yes
follow symlinks = no
case sensitive = no
idmap uid = 15000-2
idmap gid = 15000-2
username map = /usr/local/etc/samba/smbusers

name resolve order = hosts wins bcast
time server = Yes

#printing options
#printing = cups
#printcap name = cups
#load printers = yes
#show add printer wizard = Yes
#printer admin = @ecwadmins,@wheel

#user scripts
add user script = /usr/sbin/pw useradd -n %u -g ecwusers -s /usr/sbin/nologin -c
delete user script = /usr/sbin/pw userdel -n %u
add group script = /usr/sbin/pw groupadd -n %g
delete group script = /usr/sbin/pw groupdel -n %g
add user to group script = /usr/sbin/pw usermod -n %u -g %g
#add machine script = /usr/sbin/pw useradd -n %u -g 100 -s /usr/sbin/nologin -d /dev/null

#user directories
logon home = \\%N\%U\
logon drive = H:

#roaming profiles
logon path =

#


the member server smb.conf:

# Global parameters
[global]
workgroup = ECW
netbios name = ECWTEST
#server string = Samba %v on %L
server string =
security = domain
password server = ECWSERVER
wins server = 10.0.0.6
encrypt passwords = yes 
idmap uid = 15000-2
idmap gid = 15000-2
winbind use default domain = yes
guest ok = yes
follow symlinks = no
case sensitive = no
os level = 33

preferred master = no
domain master = no

#bind interfaces only = yes
#interfaces = fxp0 lo0
#hosts deny = ALL
#hosts allow = 10.0.0.0/24 127.

name resolve order = hosts wins bcast



Thanks.

henrik
-- 
Henrik Hudson
[EMAIL PROTECTED]
--
There are 10 kinds of people in the world: Those who
 understand binary and those who don't...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
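
Added example (not part of the original post and not Samba's own code): a small Python parser for the Samba 3 log format quoted in the message above. It folds wrapped continuation lines back into their "[date, level]" record and tallies DCE/RPC faults per server and pipe. The function names and the embedded sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modeled on the log.wb-ECW lines in the post, with wrapped lines.
SAMPLE = r"""[2006/09/03 12:54:12, 1] 
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR 
received from remote machine ECWSERVER pipe \lsarpc fnum 0x70a8!
[2006/09/03 13:17:04, 1] 
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR 
received from remote machine ECWSERVER pipe \NETLOGON fnum 0x7549!
[2006/09/03 13:38:05, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *(\d+)\]\s*(.*)$")
FAULT = re.compile(r"RPC fault code (\w+) received from remote machine (\S+) pipe (\S+) fnum")

def parse_records(text):
    """Group lines into records; a record starts at a '[date, level]' header."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)), "body": m.group(3).strip()})
        elif records and line.strip():
            # Continuation line (indented message or mail-wrapped text): fold it in.
            records[-1]["body"] = (records[-1]["body"] + " " + line.strip()).strip()
    return records

def rpc_faults(records):
    """Return (time, fault, server, pipe) for each DCE/RPC fault record."""
    out = []
    for r in records:
        m = FAULT.search(r["body"])
        if m:
            out.append((r["time"], m.group(1), m.group(2), m.group(3).lstrip("\\").lower()))
    return out

def summarize(text):
    """Count faults per (server, pipe, fault code)."""
    return Counter((srv, pipe, fault) for _, fault, srv, pipe in rpc_faults(parse_records(text)))

if __name__ == "__main__":
    for (srv, pipe, fault), n in sorted(summarize(SAMPLE).items()):
        print(f"{srv} {pipe}: {fault} x{n}")
```

Records that carry no RPC fault, such as the level 0 winbindd_dual.c line, are still returned by parse_records() and can be filtered on their "level" field.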


Re: samba problem; member server can't authenticate

2006-09-03 Thread Atom Powers

On 9/3/06, Henrik Hudson [EMAIL PROTECTED] wrote:


> I have a Samba PDC and a Samba Member Server.
>
> The Samba PDC works fine, but the problem is that the Member Server can't
> authenticate users and let me browse file shares and I always get the error:
> NT_STATUS_NO_LOGON_SERVERS


Sounds like your member server can't contact the pdc's logon service.


> The weird thing is that sometimes:  SMBCLIENT -L ECWTEST
> will work and list my shares. However, the first time I actually try to
> authenticate a user to browse a share the whole shebang stops and I get the
> above error. I'm using Konqueror and smb://ecwtest/sharename to connect.


Try to always use FQDN (ecwtest.domain.blah); or be very careful and
complete in the way you set up your name resolution (WINS, DNS).
Especially if you have hosts on different subnets.


> I don't need to make any PAM changes to allow just file / share authentication
> do I?


No. Samba doesn't use PAM.


> One thing, the member server is a new rebuild of a machine with the same name
> and the PDC is an upgrade using the TDBs, etc. from backup. I did remove the
> machine account from the PDC and then re-added it using net join and that
> worked fine.
>
> I ran through the tests at the back of the official book and all of them work
> except the actual sharing and the nmblookup -d 2 '*' on the member server
> and of course the smbclient specific ones.


nmblookup is a WINS resolution tool. If your WINS server is not
configured and functioning and your computers are on different subnets
(or have blocking firewalls) you will have problems. If you don't use
FQDN samba will, probably, be using WINS to resolve your host names.



> the member server smb.conf:
>
> # Global parameters
> [global]
> workgroup = ECW
> netbios name = ECWTEST
> #server string = Samba %v on %L
> server string =
> security = domain
> password server = ECWSERVER


Make that an FQDN hostname or ip address.


> wins server = 10.0.0.6
> encrypt passwords = yes
> idmap uid = 15000-2
> idmap gid = 15000-2
> winbind use default domain = yes
> guest ok = yes
> follow symlinks = no
> case sensitive = no
> os level = 33
>
> preferred master = no
> domain master = no
>
> #bind interfaces only = yes
> #interfaces = fxp0 lo0
> #hosts deny = ALL
> #hosts allow = 10.0.0.0/24 127.
>
> name resolve order = hosts wins bcast



And check your firewall rules.

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--


Re: samba problem; member server can't authenticate

2006-09-03 Thread Henrik Hudson
On Sunday 03 September 2006 13:59, Atom Powers [EMAIL PROTECTED] sent 
a missive stating: 
> On 9/3/06, Henrik Hudson [EMAIL PROTECTED] wrote:
> > I have a Samba PDC and a Samba Member Server.
> >
> > The Samba PDC works fine, but the problem is that the Member Server can't
> > authenticate users and let me browse file shares and I always get the
> > error: NT_STATUS_NO_LOGON_SERVERS
>
> Sounds like your member server can't contact the pdc's logon service.


Yeap :) 

> > The weird thing is that sometimes:  SMBCLIENT -L ECWTEST
> > will work and list my shares. However, the first time I actually try to
> > authenticate a user to browse a share the whole shebang stops and I get
> > the above error. I'm using Konqueror and smb://ecwtest/sharename to
> > connect.
>
> Try to always use FQDN (ecwtest.domain.blah); or be very careful and
> complete in the way you set up your name resolution (WINS, DNS).
> Especially if you have hosts on different subnets.

I've tried it both ways. Some people say to use the FQDN and some the other 
way around.

> nmblookup is a WINS resolution tool. If your WINS server is not
> configured and functioning and your computers are on different subnets
> (or have blocking firewalls) you will have problems. If you don't use
> FQDN samba will, probably, be using WINS to resolve your host names.

My firewalls are 100% off until I get this working.

henrik
-- 
Henrik Hudson
[EMAIL PROTECTED]
--
There are 10 kinds of people in the world: Those who
 understand binary and those who don't...


Re: samba problem; member server can't authenticate

2006-09-03 Thread Henrik Hudson
FYI: It seems the winbind use default domain = yes was getting the member
server all messed up in the head. I removed that and suddenly it became just
a problem of changing my permissions to include the ECW domain in the allowed
users.

Thanks for the responses.

henrik

-- 
Henrik Hudson
[EMAIL PROTECTED]
--
There are 10 kinds of people in the world: Those who
 understand binary and