
[Samba] Problem cooperating with Windows and AD

#1  02-14-2006  Administrator

Hi,

I'm having a problem getting my Windows machines to access shares in
Samba. When they browse to the Samba box it sometimes gives them an
error saying that they don't have permission or that the server is
unavailable. However this doesn't always happen and other times it lists
the shares. When I try to access the shares it just prompts for the
username/password over and over. I've tried Google and browsing around
the Samba doc and have spent hours and hours trying to fix this. I'm at
my wits' end. Can anyone help?

I'm running Fedora Core 3 on the Samba server and upgraded Samba to
3.0.21b. Before I upgraded it was working most of the time; however, not
all the time, and there was an error in one of the logs. I researched
the error and found that it was resolved in a newer version of Samba, so
I upgraded. I'm running Windows Server 2003 SP1 using Active Directory
for domain authentication and running Samba in ADS security mode. All
Windows clients run XP Pro SP2. I'm using Webmin for remote
administration, but I also just log in to the machine at times. I do use
Webmin to join the domain though.

Here are some of my configuration files:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2006/02/11 21:49:19

[global]
workgroup = CHU
realm = CHU.PARADISENT.COM
netbios aliases = Zeus, zeus
server string = Samba Server
security = ADS
client schannel = Yes
server schannel = Yes
null passwords = Yes
password server = paradise.paradisent.com
log file = /usr/local/samba/var/%m.log
max log size = 50
client signing = Yes
server signing = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
preload = shared website
socket address = 192.168.0.20
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/tcsh
winbind separator = |
cups options = raw

[shared]
comment = Shared Folder
path = /shared
valid users = CHU|administrator, CHU|annie, CHU|jacob, @CHU|Household
read only = No

[jacob]
comment = Jacob's Home Dir
path = /home/jacob
valid users = CHU|jacob
read only = No

[root]
comment = Root's Home Dir
path = /root
valid users = CHU|administrator, CHU|annie, CHU|jacob, @BUILTIN|Administrators, "@CHU|Domain Admins", "@CHU|Enterprise Admins"
read only = No

[annie]
comment = Annie's Home Dir
path = /home/annie
valid users = CHU|annie
read only = No

[website]
comment = Main Website
path = /var/www/html
valid users = CHU|administrator, CHU|annie, CHU|jacob, @CHU|Household
read only = No

#
# /etc/nsswitch.conf
#

passwd: files winbind
shadow: files
group: files winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

#krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = CHU.PARADISENT.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
CHU.PARADISENT.COM = {
kdc = paradise.paradisent.com
admin_server = paradise.paradisent.com
default_domain = chu.paradisent.com
}

[domain_realm]
.example.com = CHU.PARADISENT.COM
example.com = CHU.PARADISENT.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Here are some items of interest from the logs:

192.168.0.5.log (similar errors in other logs)

[2006/02/11 21:06:59, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /usr/local/samba/var/paradise.log: Permission denied
[2006/02/11 21:07:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system
[2006/02/11 21:07:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username CHU|PARADISE$ is invalid on this system

Log.nmbd

[2006/02/11 00:28:23, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...
[2006/02/11 00:29:19, 0] nmbd/nmbd.c:main(727)
  Netbios nameserver version 3.0.21b started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/02/11 00:35:17, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...
[2006/02/11 00:35:17, 0] libsmb/nmblib.c:send_udp(791)
  Packet send failed to 192.168.0.255(138) ERRNO=Invalid argument
[2006/02/11 00:38:46, 0] nmbd/nmbd.c:main(727)
  Netbios nameserver version 3.0.21b started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/02/11 20:57:46, 0] nmbd/nmbd.c:main(727)
  Netbios nameserver version 3.0.21b started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/02/11 21:22:33, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...
[2006/02/11 21:22:34, 0] nmbd/nmbd.c:main(727)
  Netbios nameserver version 3.0.21b started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006

Smbd.log

[2006/02/11 20:57:45, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(195)
  startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd did not exist. File successfully created.
[2006/02/11 20:58:12, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
[2006/02/11 20:58:12, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected
[2006/02/11 21:06:56, 0] lib/util_sock.c:get_peer_addr(1225)
  getpeername failed. Error was Transport endpoint is not connected

Paradise.log

[2006/02/11 21:06:56, 0] lib/util_sock.c:write_data(557)
  write_data: write failure in writing to client 192.168.0.5. Error Connection reset by peer
[2006/02/11 21:06:56, 0] lib/util_sock.c:send_smb(765)
  Error writing 4 bytes to client. -1. (Connection reset by peer)

Tama.log

[2006/02/11 20:58:14, 0] lib/util_sock.c:write_data(557)
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2006/02/11 20:58:14, 0] lib/util_sock.c:send_smb(765)
  Error writing 4 bytes to client. -1. (Connection reset by peer)

Log.wb-CHU

[2006/02/05 20:17:59, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0
[2006/02/10 23:09:04, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0
[2006/02/11 00:35:17, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0
[2006/02/11 19:57:04, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0
[2006/02/11 21:27:13, 0] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0

Here's the output from wbinfo and getent:

[root@zeus ~]$ wbinfo -u
CHU|administrator
CHU|guest
CHU|paradise$
CHU|krbtgt
CHU|iusr_paradise
CHU|iwam_paradise
CHU|jacob
CHU|8fd34871-30cc-4e8f-8
CHU|euq_paradise
CHU|annie
CHU|radicalannie$
CHU|tamaold$
CHU|dcs_paradise
CHU|tama$
CHU|aquarius$
CHU|zeus$

[root@zeus ~]$ wbinfo -g
CHU|domain computers
CHU|domain controllers
CHU|schema admins
CHU|enterprise admins
CHU|cert publishers
CHU|domain admins
CHU|domain users
CHU|domain guests
CHU|group policy creator owners
CHU|ras and ias servers
CHU|dnsadmins
CHU|dnsupdateproxy
CHU|iis_wpg
CHU|debugger users
CHU|exchange domain servers
CHU|exchange enterprise servers
CHU|smex admin group
CHU|household

[root@zeus ~]$ getent passwd
root:x:0:0:root:/root:/bin/tcsh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
ident:x:98:98::/home/ident:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
jacob:x:500:500:Jacob Lear:/home/jacob:/bin/tcsh
clamav:x:501:501:Clam AntiVirus:/home/clamav:/sbin/nologin
pcguest:x:502:502:::/sbin/nologin
annie:x:503:504:Anne Gaines:/home/annie:/bin/tcsh
mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin

[root@zeus ~]$ getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
nscd:x:28:
rpm:x:37:
haldaemon:x:68:
utmp:x:22:
netdump:x:34:
slocate:x:21:
ident:x:98:
sshd:x:74:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
mailnull:x:47:
smmsp:x:51:
pcap:x:77:
apache:x:48:
squid:x:23:
webalizer:x:67:
xfs:x:43:
ntp:x:38:
gdm:x:42:
jacob:x:500:
clamav:x:501:
pcguest:x:502:
webmaster:x:503:root,jacob,annie
annie:x:504:
mysql:x:101:
named:x:25:

Let me know if you need any more information, and thanks in advance for
any help you can offer. =)

-Jacob.
