From: Ashley Moran
To: freebsd-questions@freebsd.org
Date: Fri, 20 Oct 2006 17:26:59 +0100
Subject: Samba file server with ActiveDirectory accounts... pw usershow not working

Hi,

I asked about this a while back and a few of you were good enough to give me some pointers.

I've been forced to look again at Samba because the single unmirrored disk not covered by the backup scripts that a certain sysadmin installed crashed the other day. So I thought we need a better solution.

My ultimate aim is a server with a share for our company, which we can log into using our AD accounts and each have a personal folder.

I already have my server joined to the domain from the last time I looked at this. Here are some diagnostics:

    # net ads testjoin
    Join is OK

    # wbinfo -D JIGSAWHQ
    Name              : JIGSAWHQ
    Alt_Name          : jigsawhq.com
    SID               : S-1-5-21-1085031214-1957994488-1343024091
    Active Directory  : Yes
    Native            : No
    Primary           : Yes
    Sequence          : 1172959

    # wbinfo -u
    ...list of usernames...
    (not prepended by the domains, but neither is it on our Linux servers either)

    # wbinfo -g
    ...list of groups...

    # ntlm_auth --username=ashleymoran
    password:
    NT_STATUS_OK: Success (0x0)

    # cat /etc/nsswitch.conf
    group: files winbind
    hosts: files dns winbind
    networks: files
    passwd: files winbind
    shells: files

However this command *should* now work, but doesn't:

    # pw user show PawelKaminski
    pw: no such user `PawelKaminski'

The output in log.wb-JIGSAWHQ (winbindd -d3) is this below. Presumably this bit...

    [2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
      ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)

is bad, but I don't know what it means or how to fix it (googling has left me no wiser).

    [2006/10/20 16:35:17, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(709)
      [93883]: lookupname JIGSAWHQ\PawelKaminski
    [2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257)
      rpc: name_to_sid name=JIGSAWHQ\PawelKaminski
    [2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265)
      name_to_sid [rpc] JIGSAWHQ\PawelKaminski for domain JIGSAWHQ
    [2006/10/20 16:35:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
      rpc_pipe_bind: Remote machine JIGSAW-SBS02 pipe \lsarpc fnum 0x8012 bind request returned ok.
    [2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(941)
      Got challenge flags:
    [2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
      Got NTLMSSP neg_flags=0x62890235
    [2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(963)
      NTLMSSP: Set final flags:
    [2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
      Got NTLMSSP neg_flags=0x60080235
    [2006/10/20 16:35:17, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
      NTLMSSP Sign/Seal - Initialising with flags:
    [2006/10/20 16:35:17, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
      Got NTLMSSP neg_flags=0x60080235
    [2006/10/20 16:35:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
      lsa_io_sec_qos: length c does not match size 8
    [2006/10/20 16:35:17, 3] nsswitch/winbindd_user.c:winbindd_dual_userinfo(146)
      [93883]: lookupsid S-1-5-21-1085031214-1957994488-1343024091-1383
    [2006/10/20 16:35:17, 3] nsswitch/winbindd_ads.c:query_user(478)
      ads: query_user
    [2006/10/20 16:35:17, 3] libsmb/namequery.c:get_dc_list(1426)
      get_dc_list: preferred server list: ", jigsaw-sbs02.jigsawhq.com"
    [2006/10/20 16:35:18, 3] libads/ldap.c:ads_connect(287)
      Connected to LDAP server 192.168.0.1
    [2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
      ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
    [2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
      ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
    [2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
      ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
    [2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
      ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
    [2006/10/20 16:35:18, 3] libads/sasl.c:ads_sasl_spnego_bind(219)
      ads_sasl_spnego_bind: got server principal name =jigsaw-sbs02$@JIGSAWHQ.COM
    [2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
      ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
    [2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488)
      ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Sat, 21 Oct 2006 02:36:48 BST
    [2006/10/20 16:35:18, 3] nsswitch/winbindd_ads.c:query_user(535)
      ads query_user gave PawelKaminski

I'd be very grateful if anyone has some hints on how to get this working. I've spent all day reading about Samba, Kerberos, Winbind, NSS and on and on... It's still new to me so I don't know how it glues together.

Thanks
Ashley
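
The following is an added example, not part of the original message: a small parser for the winbindd debug-log format quoted above, which splits the stream into entries and lists the ones whose message wording suggests a problem. The names `parse_entries`, `suspicious` and the `SUSPECT` pattern are hypothetical, and the pattern is only a triage heuristic; the sample entries are copied from the log in the message.

```python
import re
from typing import List, NamedTuple

# Samba debug header: [YYYY/MM/DD HH:MM:SS, level] source.c:function(line)
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S+?):(\w+)\((\d+)\)"
)
# Heuristic wording that deserves a closer look (an assumption, not a Samba rule).
SUSPECT = re.compile(r"failed|does not match|NT_STATUS_(?!OK)", re.IGNORECASE)


class Entry(NamedTuple):
    when: str      # timestamp as written in the log
    level: int     # debug level of the entry
    source: str    # source file that emitted it
    func: str      # function name
    line: int      # line number in the source file
    message: str   # message text, whitespace-normalised


def parse_entries(text: str) -> List[Entry]:
    """Split a debug log into entries; works on wrapped or flattened text."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        # The message runs from the end of this header to the next header.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[m.end():end].split())
        entries.append(Entry(m[1], int(m[2]), m[3], m[4], int(m[5]), message))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Return the entries whose message matches the SUSPECT heuristic."""
    return [e for e in entries if SUSPECT.search(e.message)]


# Four entries copied from the log in the message above.
SAMPLE = r"""[2006/10/20 16:35:17, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257)
  rpc: name_to_sid name=JIGSAWHQ\PawelKaminski
[2006/10/20 16:35:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2006/10/20 16:35:18, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
[2006/10/20 16:35:18, 3] nsswitch/winbindd_ads.c:query_user(535)
  ads query_user gave PawelKaminski
"""

if __name__ == "__main__":
    for e in suspicious(parse_entries(SAMPLE)):
        print(f"{e.when} {e.source}:{e.func}({e.line}) -> {e.message}")
```

A match only marks an entry for reading; it says nothing about whether that entry is the cause of the failed lookup.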