From: Mike Leone on
Some may remember all my issues trying to get one Samba server to mount
shares from another Samba server. Well, I decided to completely reformat
my laptop with Ubuntu 10.04, and start over (leaving the other Samba
server at Ubuntu 9.10)

(to recap - I have a Win2003 AD (not R2), with SFU installed)

I took the smb.conf from the 9.10 server (running 3.4.0) and loaded it
on the Ubuntu 10.04 laptop, which is running 3.4.7. The only editing I
did was to remove the share definitions, which don't exist on the laptop
(no shares defined at all). Also copied the krb5.conf, to configure
Kerberos. Cleared the /var/lib/samba, /var/cache/samba, /var/log/samba
directories. Even though Ubuntu 10.04 seems to have the /etc/pam.d files
already configured for samba, I copied over the common-account,
common-auth, common-password, common-session files from the 9.10 server
to the 10.04 server. Did the same with the nsswitch.conf file.

Figured I should get identical results, right? HA! :-(

Got a ticket.
Joined the domain. It gave me an error message, something about the
client not existing in the Kerberos database. It worked, though, as the
computer account did appear in AD.

wbinfo -t works.
wbinfo -u works.
wbinfo -g works.
If I use sudo, then wbinfo -a DOMAIN+user works. (I used "+" as a delimiter)

Getent passwd fails.
Getent group fails.

I am seeing this, in log.winbind on the 10.04 server:

[2010/05/07 23:16:59, 1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
error getting user id for sid S-1-5-21-2780757143-49591276-3462498634-500
[2010/05/07 23:16:59, 1] winbindd/winbindd_user.c:856(winbindd_getpwent)
could not lookup domain user Administrator
[2010/05/07 23:16:59, 1] winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
Could not get unix ID

and repeating, for all domain users.

I'm pretty much ready to just give up, and use the Windows installed on
this laptop. That one has no problem accessing shares from the Samba
server, or the Windows stations on the LAN.

Anyone? Please. :-)

Testparm of smb.conf: (I had to add the "idmap uid/gid" statements to
the 10.04 server)

[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
security = ADS
auth methods = winbind
allow trusted domains = No
map to guest = Bad User
obey pam restrictions = Yes
password server = dim-win2300.DaCrib.local
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
os level = 2
local master = No
domain master = No
dns proxy = No
eventlog list = Application, System, Security, SyslogLinux
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 100000-200000
idmap gid = 100000-200000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = sfu
winbind refresh tickets = Yes
idmap config DACRIB: schema_mode = sfu
idmap config DACRIB: range = 100000 - 200000
idmap config DACRIB: backend = ad
hide dot files = No

Testparm of smb.conf of 9.10 server:

[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
security = ADS
auth methods = winbind
map to guest = Bad User
obey pam restrictions = Yes
password server = dim-win2300.DaCrib.local
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 4
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
server signing = auto
os level = 2
local master = No
domain master = No
dns proxy = No
eventlog list = Application, System, Security, SyslogLinux
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = sfu
winbind refresh tickets = Yes
idmap config DCRIB:schema_mode = sfu
idmap config DACRIB: range = 100000 - 200000
idmap config DACRIB: backend = ad
hide dot files = No
wide links = No



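An added example, not part of the original post: because the post expects the two hosts to behave identically, this script compares excerpts of the two testparm dumps quoted above parameter by parameter. It normalizes parameter names the way smb.conf does (case and whitespace inside names are ignored); the function names are hypothetical.

```python
import re

# Excerpts (not the full dumps) of the two testparm outputs quoted in the post.
LAPTOP_1004 = """\
workgroup = DACRIB
allow trusted domains = No
log level = 3
idmap uid = 100000-200000
idmap gid = 100000-200000
idmap config DACRIB: schema_mode = sfu
idmap config DACRIB: range = 100000 - 200000
idmap config DACRIB: backend = ad
"""
SERVER_910 = """\
workgroup = DACRIB
log level = 4
idmap config DCRIB:schema_mode = sfu
idmap config DACRIB: range = 100000 - 200000
idmap config DACRIB: backend = ad
wide links = No
"""

def parse(dump):
    """Return {normalized parameter name: value} for one testparm dump."""
    params = {}
    for line in dump.splitlines():
        if "=" not in line or line.lstrip().startswith(("#", ";", "[")):
            continue
        name, value = line.split("=", 1)  # only the first '=' is significant
        # smb.conf ignores case and whitespace inside parameter names
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def compare(a, b):
    """Return (only_in_a, only_in_b, changed) as sorted lists."""
    pa, pb = parse(a), parse(b)
    changed = sorted((k, pa[k], pb[k]) for k in pa.keys() & pb.keys() if pa[k] != pb[k])
    return sorted(pa.keys() - pb.keys()), sorted(pb.keys() - pa.keys()), changed

def idmap_domains(dump):
    """Domain names used in 'idmap config <DOMAIN>:<option>' lines."""
    return {m.group(1).upper() for k in parse(dump)
            if (m := re.match(r"idmapconfig([^:]+):", k))}

if __name__ == "__main__":
    for label, part in zip(("only on 10.04", "only on 9.10", "changed"),
                           compare(LAPTOP_1004, SERVER_910)):
        print(f"{label}: {part}")
    print("idmap domains:", idmap_domains(LAPTOP_1004), idmap_domains(SERVER_910))
```

Parameter names are printed in normalized form (lower case, no spaces), so `allow trusted domains` appears as `allowtrusteddomains`.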