Re: [Samba] Re: Samba with winbind trouble
or use 'encrypt password = yes' as i read, the pam.d-things are just needed if you don't submit your passwords encrypted. btw. all later windows-clients (from nt4 on) just support encrypted password=yes. all other should somehow fail in wrong password.. cheers, Roger LINDER Thierry wrote: Hello, I try to implement a samba server (2.2.7a) with the authentifiactions via winbind to a PDC W2000. When I test winbind, it works: [EMAIL PROTECTED] samba]# wbinfo -t Secret is good [EMAIL PROTECTED] samba]# wbinfo -a tli%password plaintext password authentication succeeded [EMAIL PROTECTED] samba]# I enable the winbind on the /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind If I try to do a su to my user which is not declared in my /etc/passwd, it works fine: [EMAIL PROTECTED] samba]# su - tli [EMAIL PROTECTED] tli]$ [EMAIL PROTECTED] tli]$ [EMAIL PROTECTED] tli]$ id uid=10061(tli) gid=1(Domain Users) groups=1(Domain Users),10062(PRJ - Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - Sharepoint),10053(testgrp) [EMAIL PROTECTED] tli]$ Also, I assume that the winbind levell is OK. But, If I try to open a share with smbclient, I can't: [EMAIL PROTECTED] root]# smbclient -L pxtest added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] Sharename Type Comment - --- test Disk Share de test pour les ACL's IPC$ IPC IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) ADMIN$ Disk IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) Server Comment ---- PXTEST Samba Server 2.2.7a-security-rollup-fix + ACL's UDNEJ102 WorkgroupMaster ---- UDITIS UDNEJ102 [EMAIL PROTECTED] root]# smbclient //pxtest/tli -U tli added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 Password: session setup failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED] root]# Here is my smb.conf configuration file: [EMAIL PROTECTED] samba]# cat smb.conf # Samba config file created using SWAT # from udpexp07.uditis.ch (172.30.1.131) # Date: 2003/11/21 10:22:37 # Global parameters [global] workgroup = UDITIS netbios name = PXTEST server string = Samba Server %v + ACL's support security = DOMAIN encrypt passwords = No obey pam restrictions = Yes password server = udnej102.uditis.ch pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log level = 2 log file = /var/log/samba/samba.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No winbind uid = 1-2 winbind gid = 1-2 template homedir = /home/test/%U template shell = /bin/bash winbind cache time = 0 winbind use default domain = Yes guest account = Guest printing = cups [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = Share de test pour les ACL's path = /home/test [EMAIL PROTECTED] samba]# Thanks by advance to help me on this trouble, because I found nothing serious on the logs and I passed through alla my ideas ... Many thanks Thierry -- Thierry Linder Tél. central +41 (0)32 557 55 00 Mandataire CommercialMobile +41 (0)79 473 92 35 Key Account Manager Fax +41 (0)32 557 55 05 Rue de la Gare 4 CH 2034 Peseux (NE) mailto:[EMAIL PROTECTED] http://www.uditis.ch Hi, excuse my noob answer but did you alter your /etc/pam.d/* files ? there's some work to do in those. By the way, i'm in pretty much in the same situation, except for one thing : the output for my smbclient is : added interface ip=128.0.107.2 bcast=128.0.107.255 nmask=255.255.255.0 Password: Domain=[FIRM] OS=[Unix] Server=[Samba 2.2.8a] tree connect failed: NT_STATUS_WRONG_PASSWORD although the password is correct... -- To unsubscribe from this list go to the following URL and read the instructions:
RE: [Samba] Re: Samba with winbind trouble
Hello Roger, Thanks for your note. I agree with you, I've changed the settings of the smb.conf: from: encrypt passwords = No to: encrypt passwords = Yes Now, I've still a trouble, but the error message has changed: Before: session setup failed: NT_STATUS_LOGON_FAILURE after: tree connect failed: NT_STATUS_WRONG_PASSWORD Any ideas ? Thierry -- Thierry Linder Tél. central +41 (0)32 557 55 00 Mandataire CommercialMobile +41 (0)79 473 92 35 Key Account Manager Fax +41 (0)32 557 55 05 Rue de la Gare 4 CH 2034 Peseux (NE) mailto:[EMAIL PROTECTED] http://www.uditis.ch -Original Message- From: Grosswiler Roger [mailto:[EMAIL PROTECTED] Sent: vendredi, 21. novembre 2003 11:12 To: leopardb Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Samba with winbind trouble or use 'encrypt password = yes' as i read, the pam.d-things are just needed if you don't submit your passwords encrypted. btw. all later windows-clients (from nt4 on) just support encrypted password=yes. all other should somehow fail in wrong password.. cheers, Roger LINDER Thierry wrote: Hello, I try to implement a samba server (2.2.7a) with the authentifiactions via winbind to a PDC W2000. When I test winbind, it works: [EMAIL PROTECTED] samba]# wbinfo -t Secret is good [EMAIL PROTECTED] samba]# wbinfo -a tli%password plaintext password authentication succeeded [EMAIL PROTECTED] samba]# I enable the winbind on the /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind If I try to do a su to my user which is not declared in my /etc/passwd, it works fine: [EMAIL PROTECTED] samba]# su - tli [EMAIL PROTECTED] tli]$ [EMAIL PROTECTED] tli]$ [EMAIL PROTECTED] tli]$ id uid=10061(tli) gid=1(Domain Users) groups=1(Domain Users),10062(PRJ - Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - Sharepoint),10053(testgrp) [EMAIL PROTECTED] tli]$ Also, I assume that the winbind levell is OK. But, If I try to open a share with smbclient, I can't: [EMAIL PROTECTED] root]# smbclient -L pxtest added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] Sharename Type Comment - --- test Disk Share de test pour les ACL's IPC$ IPC IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) ADMIN$ Disk IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) Server Comment ---- PXTEST Samba Server 2.2.7a-security-rollup-fix + ACL's UDNEJ102 WorkgroupMaster ---- UDITIS UDNEJ102 [EMAIL PROTECTED] root]# smbclient //pxtest/tli -U tli added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 Password: session setup failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED] root]# Here is my smb.conf configuration file: [EMAIL PROTECTED] samba]# cat smb.conf # Samba config file created using SWAT # from udpexp07.uditis.ch (172.30.1.131) # Date: 2003/11/21 10:22:37 # Global parameters [global] workgroup = UDITIS netbios name = PXTEST server string = Samba Server %v + ACL's support security = DOMAIN encrypt passwords = No obey pam restrictions = Yes password server = udnej102.uditis.ch pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log level = 2 log file = /var/log/samba/samba.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No winbind uid = 1-2 winbind gid = 1-2 template homedir = /home/test/%U template shell = /bin/bash winbind cache time = 0 winbind use default domain = Yes guest account = Guest printing = cups [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = Share de test pour les ACL's path = /home/test [EMAIL PROTECTED] samba]# Thanks by advance to help me on this trouble, because I found nothing serious on the logs and I
RE: [Samba] Re: Samba with winbind trouble
as you have been on pam.d before, check in your smbpasswd-file wheather the user you want to auth exists. if no, add it with smbpasswd -a [user] salut, Roger Hello Roger, Thanks for your note. I agree with you, I've changed the settings of the smb.conf: from: encrypt passwords = No to: encrypt passwords = Yes Now, I've still a trouble, but the error message has changed: Before: session setup failed: NT_STATUS_LOGON_FAILURE after: tree connect failed: NT_STATUS_WRONG_PASSWORD Any ideas ? Thierry -- Thierry Linder Tél. central +41 (0)32 557 55 00 Mandataire CommercialMobile +41 (0)79 473 92 35 Key Account Manager Fax +41 (0)32 557 55 05 Rue de la Gare 4 CH 2034 Peseux (NE) mailto:[EMAIL PROTECTED] http://www.uditis.ch -Original Message- From: Grosswiler Roger [mailto:[EMAIL PROTECTED] Sent: vendredi, 21. novembre 2003 11:12 To: leopardb Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Re: Samba with winbind trouble or use 'encrypt password = yes' as i read, the pam.d-things are just needed if you don't submit your passwords encrypted. btw. all later windows-clients (from nt4 on) just support encrypted password=yes. all other should somehow fail in wrong password.. cheers, Roger LINDER Thierry wrote: Hello, I try to implement a samba server (2.2.7a) with the authentifiactions via winbind to a PDC W2000. When I test winbind, it works: [EMAIL PROTECTED] samba]# wbinfo -t Secret is good [EMAIL PROTECTED] samba]# wbinfo -a tli%password plaintext password authentication succeeded [EMAIL PROTECTED] samba]# I enable the winbind on the /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind If I try to do a su to my user which is not declared in my /etc/passwd, it works fine: [EMAIL PROTECTED] samba]# su - tli [EMAIL PROTECTED] tli]$ [EMAIL PROTECTED] tli]$ [EMAIL PROTECTED] tli]$ id uid=10061(tli) gid=1(Domain Users) groups=1(Domain Users),10062(PRJ - Gestion de projets),10058(KAM),10054(Team-Elargi),10018(IT Unix),10060(PRJ - Sharepoint),10053(testgrp) [EMAIL PROTECTED] tli]$ Also, I assume that the winbind levell is OK. But, If I try to open a share with smbclient, I can't: [EMAIL PROTECTED] root]# smbclient -L pxtest added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[UDITIS] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] Sharename Type Comment - --- test Disk Share de test pour les ACL's IPC$ IPC IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) ADMIN$ Disk IPC Service (Samba Server 2.2.7a-security-rollup-fix + ACL's support) Server Comment ---- PXTEST Samba Server 2.2.7a-security-rollup-fix + ACL's UDNEJ102 WorkgroupMaster ---- UDITIS UDNEJ102 [EMAIL PROTECTED] root]# smbclient //pxtest/tli -U tli added interface ip=172.30.1.167 bcast=172.30.1.255 nmask=255.255.255.0 Password: session setup failed: NT_STATUS_LOGON_FAILURE [EMAIL PROTECTED] root]# Here is my smb.conf configuration file: [EMAIL PROTECTED] samba]# cat smb.conf # Samba config file created using SWAT # from udpexp07.uditis.ch (172.30.1.131) # Date: 2003/11/21 10:22:37 # Global parameters [global] workgroup = UDITIS netbios name = PXTEST server string = Samba Server %v + ACL's support security = DOMAIN encrypt passwords = No obey pam restrictions = Yes password server = udnej102.uditis.ch pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log level = 2 log file = /var/log/samba/samba.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No winbind uid = 1-2 winbind gid = 1-2 template homedir = /home/test/%U template shell = /bin/bash winbind cache time = 0 winbind use default domain = Yes guest account = Guest printing = cups [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = Share de test pour