This is a discussion on Re: [Samba] Accessing member server prompts for credentials within the Samba forums, part of the Networking and Network Related category.
> From: Toby Bluhm <tkb@midwestinstruments.com>
> Date: 2008/06/18 Wed PM 03:35:58 GMT
> To: samba@lists.samba.org
> Subject: Re: [Samba] Accessing member server prompts for credentials
>
> Leon Stringer wrote:
> > I'm still struggling with this if anyone can help.
> >
> >> I'm trying to join a server as an AD member but it isn't working.
> >>
> >> I do:
> >>
> >> kinit ADMINISTRATOR@DOMAIN1.CO.UK
> >>
> >> which prompts for the password and displays nothing else. Then I do:
> >>
> >> net ads join -U Administrator%XXXXX
> >>
> >> which returns:
> >>
> >> Using short domain name -- DOMAIN1
> >> Joined 'SERVER1' to realm 'DOMAIN1.CO.UK'
> >>
> >> So all looks OK, but when I try to browse the shares on \\server1
> >> from another domain member I'm prompted for a username and password. Any valid domain credentials are rejected.
>
> Actually, it all looks good so far, but you need a little more setup so
> samba can authenticate accounts against AD.
>
> Do you have winbindd running?
> What does 'wbinfo -t' tell you?
> Do you have the winbind sections in smb.conf configured correctly?
> Can you get a list of AD accounts with 'wbinfo -u'?
> Did you configure nsswitch.conf correctly?
> If 'id "DOMAIN\user"' returns useful info about the user, your machine
> is authenticating with AD correctly.
> Also, ntpd needs to sync the time very closely with the domain. 'date ;
> net time -w DOMAIN' should show times that are within seconds of each other.
>
>
> Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the
> HOWTO that mentions NT4 or PDC or BDC configuration is not for your
> situation.
>
> Did you see my comments about winbind at the bottom of that message?

Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.

And when I do wbinfo -t I get:

    the trust secret via RPC calls succeeded

but only for the first five minutes after starting winbindd. After five minutes I get:

    checking the trust secret via RPC calls failed
    error code was (0x0)
    Could not check secret

wbinfo -u does not work at any point.

log.winbindd-idmap says:

    [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
      async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
    [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
      Could not receive trustdoms

Any more advice gratefully received.

-----------------------------------------
Email sent from www.virginmedia.com/email
Virus-checked using McAfee(R) Software and scanned for spam

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Leon Stringer wrote:
> And when I do wbinfo -t I get:
>
> the trust secret via RPC calls succeeded
>
> but only for the first five minutes after starting winbindd. After
> five minutes I get:
>
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
>

My setup was over 2 years ago on RHEL4 at my previous job and I had the problem of winbind dying every so often so I did a hack and set up a cronjob to check every 10 minutes & restart it if needed.

> wbinfo -u does not work at any point.
>
> log.winbindd-idmap says:
>
> [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
> async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> Could not receive trustdoms
>
> Any more advice gratefully received.
>
>

My experience was that winbind worked or it didn't. Never got the half working results you have.

Here is the smb.conf I used. It was probably samba version ~ 3.0.10. I do remember that once I set 'ldap ssl = no' and 'allow trusted domains = no' it all started working for me. Also, when I was changing settings around, the tdb files would keep old info and mess things up for me. Since it was not in production yet, what I did was:

    stop samba
    rm /var/cache/samba/*.tdb
    rm /etc/samba/secrets.tdb
    Rejoin the domain
    start samba

Just a warning - what worked for me back then may not be correct with today's version. 'testparm -v' will show you all smb.conf options and your current settings.

    [global]
    workgroup = DOMAIN
    realm = DOMAIN.EXAMPLE.COM
    server string = Samba Server Main
    security = ads
    log level = 0 vfs:2
    log file = /var/log/samba/ALL.log
    max log size = 500
    socket options = TCP_NODELAY
    load printers = No
    preferred master = No
    domain master = No
    dns proxy = No
    wins server = 192.168.100.100
    netbios name = MAIN
    netbios aliases = PENGUIN
    ldap ssl = no
    idmap uid = 10000-3000000
    idmap gid = 10000-3000000
    template homedir = /users/%U
    template shell = /bin/bash
    winbind enum users = No
    winbind enum groups = No
    idmap backend = idmap_rid:DOMAIN=100000-3000000
    allow trusted domains = no
    username map = /etc/samba/smbusers
    name resolve order = wins bcast
    cups options = raw
    disable spoolss = Yes
    show add printer wizard = No
    os level = 1
    winbind use default domain = yes
    host msdfs = Yes
    admin users = DOMAIN\admin20 admin20

--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203
On Thu, Jun 19, 2008 at 10:08:34AM +0000, Leon Stringer wrote:
>
> Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.
>
> And when I do wbinfo -t I get:
>
> the trust secret via RPC calls succeeded
>
> but only for the first five minutes after starting winbindd. After
> five minutes I get:
>
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
> wbinfo -u does not work at any point.
>
> log.winbindd-idmap says:
>
> [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
> async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> Could not receive trustdoms
>
> Any more advice gratefully received.

What Samba version is this please? Looks like a bug I've fixed recently.

Jeremy.
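Added example, not part of any poster's message and not Samba project code: a small parser for the winbindd log format quoted in this thread (a bracketed header line followed by the message text) that reports which winbindd child processes were flagged as unresponsive and when. The sample log is constructed from the two entries quoted above; the function names are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample: the two entries quoted in the thread, laid out as a
# header line followed by an indented message line.
SAMPLE_LOG = """\
[2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
  async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
[2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
  Could not receive trustdoms
"""

Entry = namedtuple("Entry", "timestamp level source function line message")

# Header: [YYYY/MM/DD HH:MM:SS, <debug level>] <source file>:<function>(<line>)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
CHILD_TIMEOUT = re.compile(r"child pid (\d+) is not responding")


def parse_entries(text):
    """Pair each header line with the message lines that follow it."""
    entries, current, body = [], None, []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if current:
                entries.append(Entry(*current, " ".join(body)))
            current = (m["ts"], int(m["level"]), m["src"], m["func"], int(m["line"]))
            body = []
        elif current and raw.strip():
            body.append(raw.strip())
    if current:
        entries.append(Entry(*current, " ".join(body)))
    return entries


def child_timeouts(entries):
    """Map each unresponsive child pid to the timestamps it was reported at."""
    hits = {}
    for e in entries:
        m = CHILD_TIMEOUT.search(e.message)
        if m and e.function == "async_request_timeout_handler":
            hits.setdefault(int(m.group(1)), []).append(e.timestamp)
    return hits


if __name__ == "__main__":
    for pid, stamps in child_timeouts(parse_entries(SAMPLE_LOG)).items():
        print(f"winbindd child {pid} timed out at {', '.join(stamps)}")
```

Run against a full log.winbindd-idmap, the timestamps per pid show whether the timeouts recur at a fixed interval after winbindd starts, as the five-minute pattern reported in the thread would suggest.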