Re: [Samba] Domain Member Server not showing domain users/groups andnot honoring domain user accounts

Wed, 29 Dec 2010 16:51:43 -0800 






I've got a domain member server configured as such:

Load smb config files from /etc/samba/smb.conf
Processing section "[videos]"
Processing section "[music]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
                 workgroup = TEMPEST

                 server string = Media Server (%h) (Livingroom 
Television)

                 security = DOMAIN



From the Official How To:


Example ConfigurationSamba as a Domain Member Server

This method involves addition of the following parameters in the 
smb.conf file:

security = domainworkgroup = MIDEARTH

In order for this method to work, the Samba server needs to join the 
MS Windows NT security domain. This is done as follows:


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2559628


Use of this mode of authentication requires there to be a standard 
UNIX account for each user in order to assign a UID once the account 
has been authenticated by the Windows domain controller. This account 
can be blocked to prevent logons by clients other than MS Windows 
through means such as setting an invalid shell in the /etc/passwd 
entry. The best way to allocate an invalid shell to a user account is 
to set the shell to the file /bin/false. Domain controllers can be 
located anywhere that is convenient. The best advice is to have a BDC 
on every physical network segment, and if the PDC is on a remote 
network segment the use of WINS (see Network Browsing for more 
information) is almost essential.
An alternative to assigning UIDs to Windows users on a Samba member 
server is presented in Winbind, Winbind: Use of Domain Accounts.




Also see:


http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#domain-member-server




                 map to guest = Bad User
                 syslog = 0
                 log file = /var/log/samba/log.%m
                 max log size = 1000
                 dns proxy = No
                 wins server = density.aarcane.info
                 usershare allow guests = Yes
                 panic action = /usr/share/samba/panic-action %d

[videos]
                 comment = Rebirth local Videos
                 path = /media/local/videos
                 write list = @rebirth
                 force group = videos
                 create mask = 0664
                 force create mode = 0664
                 directory mask = 0775
                 force directory mode = 0775

[music]
                 comment = Rebirth local Music
                 path = /media/local/music
                 write list = @rebirth
                 force group = music
                 create mask = 0664
                 force create mode = 0664
                 directory mask = 0775
                 force directory mode = 0775

The server is not honoring domain accounts (the PDC honors domain
accounts and shows owners/groups as domain users without issue), but
this one is saying "Unknown username or bad password" when trying to
browse to it, and when you specify your domain username and password

manually in the prompt, it shows files and groups as REBIRTH/username 
or

UNIX-GROUP/groupname instead of as domain users and groups.

below I've stopped the server, cleared out the old log files, and

restarted smbd (and nmbd) and double-clicked on rebirth in the windows 
7

network pane.

ikari (10.0.0.241) is the client I'm using.

aarc...@rebirth:/var/log/samba$ ls
cores  log.10.0.0.241  log.ikari  log.nmbd  log.smbd
aarc...@rebirth:/var/log/samba$ cat log.10.0.0.241
aarc...@rebirth:/var/log/samba$ cat log.ikari

[2010/12/29 16:04:30.647903,  0] 
lib/util_sock.c:474(read_fd_with_timeout)

[2010/12/29 16:04:30.648046,  0]
lib/util_sock.c:1432(get_peer_addr_internal)
     getpeername failed. Error was Transport endpoint is not connected

     read_fd_with_timeout: client 0.0.0.0 read error = Connection 
reset by

peer.
aarc...@rebirth:/var/log/samba$ cat log.nmbd
[2010/12/29 16:03:44,  0] nmbd/nmbd.c:857(main)
     nmbd version 3.5.4 started.
     Copyright Andrew Tridgell and the Samba Team 1992-2010
aarc...@rebirth:/var/log/samba$ cat log.smbd
[2010/12/29 16:03:41,  0] smbd/server.c:1123(main)
     smbd version 3.5.4 started.
     Copyright Andrew Tridgell and the Samba Team 1992-2010

[2010/12/29 16:03:41.923307,  0] 
printing/print_cups.c:108(cups_connect)
     Unable to connect to CUPS server localhost:631 - Connection 
refused
[2010/12/29 16:03:41.928781,  0] 
printing/print_cups.c:108(cups_connect)
     Unable to connect to CUPS server localhost:631 - Connection 
refused

[2010/12/29 16:03:41.929413,  0] smbd/server.c:1169(main)
     standard input is not a socket, assuming -D option
aarc...@rebirth:/var/log/samba$


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba














    











					Reply via email to