Re: [Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares
Jerry, Thanks for your response. I tried tuning 'winbind use default domain = no' but still have the problem. When trying to browse the server for shares, users are prompted for an IPC$ password. If they try to access a specific share, they get a message saying the share cannot be found. Any other ideas? I've included below my smb.conf file, modified w/ suggested change as well as my logs for smbd, nmbd, and winbindd after all services are restarted and a connection attempt was made. Thanks, Jason McGlamary PC/LAN Specialist Washington Hospital Center --LOG.SMBD-- Barton:/var/log/samba# less log.smbd smbd version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/08/26 07:40:14, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:27, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:27, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:27, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:40:52, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/08/26 07:40:52, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/08/26 07:40:52, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection reset by peer [2004/08/26 07:40:52, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/08/26 07:40:52, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194) Unable to open/create TDB passwd [2004/08/26 07:40:52, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(487) pdb_getsampwrid: Unable to open TDB rid database! [2004/08/26 07:41:42, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:54, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:57, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:57, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:57, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:58, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:41:58, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/08/26 07:42:31, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/08/26 07:42:31, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/08/26 07:42:31, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/08/26 07:42:31, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by p eer [2004/08/26 07:42:31, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/08/26 07:42:31, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(194) Unable to open/create TDB passwd [2004/08/26 07:42:31, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(487) pdb_getsampwrid: Unable to open TDB rid database! -LOG.NMBD-- Barton:/var/log/samba# less log.nmbd [2004/08/22 15:11:13, 0] nmbd/nmbd_namequery.c:query_name_response(101) query_name_response: Multiple (2) responses received for a query on subnet 172 .25.37.198 for name MHG1d. This response was from IP 172.25.37.104, reporting an IP address of 172.25.37. 104. [2004/08/25 10:28:26, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 10:28:42, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/08/25 10:49:37, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 10:49:53, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/08/25 10:53:27, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 10:53:27, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.6 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/08/25 10:58:06, 0] nmbd/nmbd.c:terminate(54) Got SIGTERM: going down... [2004/08/25 11:00:04, 0] nmbd/nmbd.c:main(664) --LOG.WINBINDD- [2004/08/26 07:38:38, 1] nsswitch/winbindd.c:main(854) winbindd version 3.0.6 started
[Samba] Re: Re: Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares
Thomas, I followed your instructions, and your theory proved correct. The user I performed 'getent passwd username was able to access the shares. It's something at least, and believe me I was getting ready to swear off technology forever. Now, how can I manage this task for 2 users? Is this a problem only happeningn w/ 3.0.6? It didn't happen to me until I upgraded yesterday. Does anyone know how I can roll back to a previous version on Debian? I've really just started using the Distro recently. Thanks, Jason --- I'm having similar problems with Samba 3.0.6... Jason, try this for scientific purposes: 1. Stop Samba 2. Delete /%samba/var/locks/netsamlogon_cache.tdb 3. Start Samba 4. run 'getent passwd username' (where username includes the domain name and domain separator if necessary) If the account shows up, my guess is that your shares will work for that user for the moment. If you try to access a share before that (even anonymous \\server), you'll be locked out and won't be able to access anything until you delete netsamlogon_cache.tdb and start over. Jerry, why does this happen? ;) Here's my best definition of the situation and the problem: Existing Infrastructure - Windows NT 4.0 Domain - PDC, BDC - Two-way Domain Trust with external domain - SP6a Desired Samba server - Samba 3.0.6 - Red Hat Linux 7.2 - Domain member server - Winbind Successes - configure, make, make install run normally - net rpc join -U Admin joins server to domain - starting samba allows getent passwd, group - wbinfo -t, -p work fine Problems - Users can only connect to shares after doing a 'getent passwd username' *before* attempting a connection to \\servername - Trying to Run... \\servername before doing that locks out the user until the service is stopped, netsamlogon_cache.tdb is deleted, and the service is restarted. Diagnostics - setting winbind use default domain = yes or no has no effect. - setting passdb backend = tdbsam or smbpasswd or commenting out the line has no effect. - this line occurs repeatedly in the visiting workstation's log: [2004/08/26 15:04:48, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as NT Domain Member via Winbind - After Upgrade users prompted for password for any shares
Hello, Apparently, I did a stupid thing today. I used apt-get on my Debian Woody system to upgrade my Samba packages from 3.0.2 to 3.0.6. Since doing so, all my users are prompted for a password when trying to access shares. Even just listing the IPC$, Windows XP systems prompt for user name and password. Windows 98 machines prompt for password. None are successful. I believe winbind is working OK. When I run wbinfo -u all the users in my domain are listed as expected. Does anyone have any idea as to what the problem could be, or what information could help me solve the problem? I've been googling all day, but most issues have to do with making sure SECURITY=DOMAIN, which mine is. I've included my smb.conf and nsswitch.conf files below. I'd appreciate any insight you can offer. Thanks, Jason McGlamary PC/LAN Specialist Washington Hospital Center smb.conf # Samba config file created using SWAT # from 172.25.5.105 (172.25.5.105) # Date: 2004/08/25 14:46:03 # Global parameters [global] workgroup = MHG netbios aliases = MERCURY server string = DON App Server security = DOMAIN allow trusted domains = No passdb backend = tdbsam pam password change = Yes preferred master = No local master = No domain master = No wins server = a:192.168.121.9, a:198.50.86.251, a:198.50.78.20 ldap ssl = no idmap uid = 1-4 idmap gid = 1-4 template homedir = winbind use default domain = Yes admin users = mhg\jxmm [MRAudit] path = /usr/local/MRAudit/ admin users = mhg\jxmm, mhg\skb5 force group = UsrMRAudit read only = No create mask = 0740 directory mask = 02740 inherit permissions = Yes inherit acls = Yes map acl inherit = Yes hide unreadable = Yes level2 oplocks = No strict locking = No [EStaff] path = /usr/local/EStaff admin users = mhg\jxmm, mhg\skb5 force group = UsrEStaff read only = No create mask = 0740 directory mask = 02740 inherit permissions = Yes inherit acls = Yes map acl inherit = Yes hide unreadable = Yes level2 oplocks = No strict locking = No [StfEffect] path = /usr/local/StfEffect valid users = mhg\jxmm, mhg\ekr1 admin users = mhg\jxmm, mhg\ekr1 read only = No inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [Wound] path = /usr/local/Wound valid users = mhg\jxmm, mhg\ekr1 admin users = mhg\jxmm, mhg\ekr1 read only = No inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [NsgMgt] path = /usr/local/NsgMgt valid users = mhg\jxmm, mhg\ekr1, mhg\amp1, mhg\bxs5, mhg\crr2, mhg\dmh3, mhg\jmm5, mhg\lah5, mhg\lxf1, mhg\lxv3, mhg\mah7, mhg\pxg4, mhg\sbm1, mhg\sxe1, mhg\tso1, mhg\txbi, mhg\cao7, mhg\alv1, mhg\rxb8, mhg\ixd1 admin users = mhg\jxmm, mhg\ekr1 force group = UsrNsgMgmnt read only = No inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [ORS DataFiles] path = /usr/local/ORS Data Files valid users = mhg\jxmm, mhg\ekr1, mhg\ddm5, mhg\bsg2, mhg\bas6 admin users = mhg\jxmm, mhg\ekr1 force group = UsrORSData read only = No create mask = 0760 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [ORS Staff Chg] path = /usr/local/ORS Staffing Changes valid users = mhg\jxmm, mhg\ekr1, mhg\dqb1, mhg\amba, mhg\exb5, mhg\vlc4, mhg\blc3, mhg\ame3, mhg\yxf1, mhg\exf4, mhg\bsg2, mhg\ncg2, mhg\pxg4, mhg\exh6, mhg\sth3, mhg\lgk1, mhg\esm2, mhg\mxm8, mhg\amn1, mhg\exr4, mhg\bas6, mhg\cvs2, mhg\daw7, mhg\mxp6 admin users = mhg\jxmm, mhg\ekr1 force group = UsrORSStaffing read only = No create mask = 0760 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [ORS OT] path = /usr/local/ORS OT Utilization valid users = mhg\jxmm, mhg\ekr1, mhg\exb5, mhg\exf4, mhg\bsg2, mhg\pxg4, mhg\exh6, mhg\mxm8, mhg\bas6, mhg\cvs2, mhg\daw7, mhg\sxw7 admin users = mhg\jxmm, mhg\ekr1 read list = mhg\pxg4, mhg\bas6 force group = UsrORSUtil read only = No create mask = 0760 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map acl inherit = Yes [ORS Outcomes] path = /usr/local/ORS Volume Outcomes valid users = mhg\jxmm, mhg\ekr1, mhg\bsg2, mhg\ddm5, mhg\jme1, mhg\psb3 admin users = mhg\jxmm, mhg\ekr1 read list = mhg\jme1, mhg\psb3 force group = UsrORSOutcomes
Re: [Samba] Getting stats for logged in domain users?
Also, SWAT will display this information graphically and can be made to automatically refresh under the Status link. I have found SWAT to be fairly convenient for viewing connections, viewing current smb.conf file, and for restarting the Samba services. Just be careful if using SWAT, if you use it to change your Samba config, it will overwrite your current file, eliminating comments, and only showing nonstandard config options. Way to go depends on whether you need to use the information for another process, or if you're just monitoring. Jason McGlamary PC/LAN Specialist Washington Hospital Center Frode Lillerud [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/11/2004 10:52 AM To [EMAIL PROTECTED] cc Subject [Samba] Getting stats for logged in domain users? Samba 3.0.2a, Debian linux, 2.6.x kernel, PDC server, WinXP clients. Hi, I'm setting up a samba server for one of our branch offices. During the monitoring of the server I'd like to be able to view how many domain users, and which ones, are logged in on the domain at particular times. The users use WinXP. Is there any way of getting number of logged on domainusers, their IP's or usernames? My alternative way is to write a perl script to analyze the samba logfiles. Thanks Frode -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Possible to add domain user accounts to a local linux group on samba-3 domain member server?
Hello, I've set up a Samba 3.0.2a domain member server on an existing Windows NT4 domain utilizing Winbind to resolve user authentication to my server. I would like to create local groups on my Samba server containing users from the NT domain to control access to shares on the Samba server. I've googled for a couple days trying to find something that will help me do this, but the suggestions I've found (use gpasswd to add domain users to a local group) have failed (error saying user not found). Has any progress been made towards this end, or is it planned for any future release? I am unable to create groups on the domain to facilitate access control that way. Is Winbind limited to only using domain groups, or is the limitation within the Linux OS itself to understand the domain user concept? Any insight you can provide would be greatly appreciated. Thank, Jason McGlamary PC/LAN Specialist Division of Nursing - Nursing Informatics Co-Chair WHC/NRH/IS Focus Forum Washington Hospital Center -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba