Hello all,
I've got a weird problem with a fresh install of Samba
from the FreeBSD ports collection (btw. the BSD-box is
also a fresh 4.7 Stable install).
Configured Samba 2.2.7a
- without cups
- with winbind
- with winbind-auth
- with audit
so far, the installation seemed to work fine...
Then I copied the libnss_winbind.so to /usr/lib
and softlinked it to /usr/local/lib as well as
to the other files mentioned in the howto (with
the .so.1 and .so.2 endings). FreeBSD has no /lib
directory, so I used the ones below /usr and /usr/local.
I left out the pam step because I just want to provide
the file-serving capabilities of samba to the clients
(hope this is correct - this is my first time playing around
with winbind because I'm bored with syncronizing NT&Unix
Accounts).
Then, I joined the domain with
smbpasswd -j MYDOM -r NT4PDC -U Administrator (supplied the
correct password) and got the success message.
The wbinfo otions -u, -g, -t, -a (challenge/response & plaintext)
do all work fine.
But when I want to connect from a w2ksp2-machine to Samba, it doesn't
seem to hand over the provided user credentials to winbindd (same with
smbclient on localhost).
So here are some questions:
- I don't need the pam configuration if I don't want other services to
be authenticated with winbind, do I?
- I don't need more winbind uid's and gid's than Users and Groups on
the PDC?
- If I enable the "winbind use default domain" option, I don't need to
add the NT-Domainname to the Usernames in valid/admin users, do I?
- Which is a good loglevel to see where the authentication fails?
- Any other hints from more experienced samba/winbind/freebsd(non-linux)
users (maybe you have a look at my smb.conf below)?
btw here's my smb.conf:
[global]
workgroup = MYDOM
netbios name = FOO
interfaces = xl0
bind interfaces only = Yes
security = DOMAIN
encrypt passwords = Yes
update encrypted = Yes
password server = NT4PDC, NT4BDC
wins server = NT4PDC
winbind uid = 15000-15050
winbind gid = 15000-15050
template shell = /sbin/nologin
winbind separator = +
winbind cache time = 5
winbind use default domain = Yes
[sysroot$]
path = /
valid users = Admin1, Admin2
admin users = Admin1, Admin2
read only = No
[raid$]
path = /raid
valid users = Admin1, Admin2
admin users = Admin1, Admin2
read only = No
any hints?
would be great ;-)
Wolfram
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
