Date: Sun, 3 Sep 2006 15:40:35 -0500
From: Henrik Hudson <rhavenn@rhavenn.net>
To: freebsd-questions@freebsd.org
Subject: Re: samba problem; member server can't authenticate
Message-ID: <200609031540.35199.rhavenn@rhavenn.net>
In-Reply-To: <200609031346.05261.rhavenn@rhavenn.net>
References: <200609031346.05261.rhavenn@rhavenn.net>
FYI:

It seems the winbind use default domain = yes was getting the member server all messed up in the head. I removed that and suddenly it became just a problem of changing my permissions to include the ECW domain in the allowed users.

Thanks for the responses.

henrik

On Sunday 03 September 2006 13:46, Henrik Hudson <rhavenn@rhavenn.net> sent a missive stating:
> Hey List-
>
> I tried the Samba lists...but didn't get any tips there..so possibly a
> freebsd issue? Dunno, anyways....
>
> I have a Samba PDC and a Samba Member Server.
>
> The Samba PDC works fine, but the problem is that the Member Server can't
> authenticate users and let me browse file shares and I always get the
> error: NT_STATUS_NO_LOGON_SERVERS
>
> the weird thing is that sometimes: SMBCLIENT -L ECWTEST
> will work and list my shares. However, the first time I actually try to
> authenticate a user to browse a share the whole shebang stops and I get the
> above error. I'm using Konqueror and smb://ecwtest/sharename to connect.
>
> I don't need to make any PAM changes to allow just file / share
> authentication do I?
>
> One thing, the member server is a new rebuild of a machine with the same
> name and the PDC is an upgrade using the TDBs, etc.. from backup. I did
> remove the machine account from the PDC and then re-added it using net join
> and that worked fine.
>
> I ran through the test at the back of the "official book" and all of them
> work except the actual sharing and the nmblookup -d 2 '*' on the member
> server and of course the smbclient specific ones.
>
> wbinfo -u and wbinfo -g work on the member server and I can chown files to
> users only in the PDC in the samba users file. I just can't authenticate.
>
> the only error I'm seeing is in log.wb-ECW and it's:
> [2006/09/03 12:54:12, 1]
> rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
> received from remote machine ECWSERVER pipe \lsarpc fnum 0x70a8!
> [2006/09/03 13:17:04, 1]
> rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
> received from remote machine ECWSERVER pipe \NETLOGON fnum 0x7549!
> [2006/09/03 13:38:05, 0] nsswitch/winbindd_dual.c:child_read_request(49)
> Got invalid request length: 0
> [2006/09/03 13:38:12, 1]
> rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
> cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR
> received from remote machine ECWSERVER pipe \lsarpc fnum 0x7104!
>
>
>
> Here is my setup:
>
> PDC: ECWSERVER ; FreeBSD 6-stable and samba-3.0.23b,1
> member: ECWTEST ; FreeBSD 6-stable and samba-3.0.23b,1
>
> Both servers are on the same network and have static IPs. I am able to
> ping, etc.. using the netbios names
>
> my /etc/nsswitch.conf is the same on both:
> group: files winbind
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files winbind
> passwd_compat: nis
> shells: files
>
> PDC smb.conf:
> # Global parameters
> [global]
> workgroup = ECW
> netbios name = ECWSERVER
> passdb backend = tdbsam:/usr/local/etc/samba/private/passwd.tdb
> os level = 65
> preferred master = yes
> domain master = yes
> local master = yes
> domain logons = yes
> wins support = yes
> #server string = Samba %v on %L
> server string =
> security = USER
> encrypt passwords = yes
> disable spoolss = Yes
> guest ok = yes
> follow symlinks = no
> case sensitive = no
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> username map = /usr/local/etc/samba/smbusers
>
> name resolve order = hosts wins bcast
> time server = Yes
>
> #printing options
> #printing = cups
> #printcap name = cups
> #load printers = yes
> #show add printer wizard = Yes
> #printer admin = @ecwadmins,@wheel
>
> #user scripts
> add user script = /usr/sbin/pw useradd -n %u -g
> ecwusers -s /usr/sbin/nologin -c ""
> delete user script = /usr/sbin/pw userdel -n %u
> add group script = /usr/sbin/pw groupadd -n %g
> delete group script = /usr/sbin/pw groupdel -n %g
> add user to group script = /usr/sbin/pw usermod -n %u -g %g
> #add machine script = /usr/sbin/pw useradd -n %u -g
> 100 -s /usr/sbin/nologin -d /dev/null
>
> #user directories
> logon home = \\%N\%U\
> logon drive = H:
>
> #roaming profiles
> logon path =
>
> #############################
>
>
> the member server smb.conf:
>
> # Global parameters
> [global]
> workgroup = ECW
> netbios name = ECWTEST
> #server string = Samba %v on %L
> server string =
> security = domain
> password server = ECWSERVER
> wins server = 10.0.0.6
> encrypt passwords = yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> winbind use default domain = yes
> guest ok = yes
> follow symlinks = no
> case sensitive = no
> os level = 33
>
> preferred master = no
> domain master = no
>
> #bind interfaces only = yes
> #interfaces = fxp0 lo0
> #hosts deny = ALL
> #hosts allow = 10.0.0.0/24 127.
>
> name resolve order = hosts wins bcast
>
>
>
> Thanks.
>
> henrik

-- 
Henrik Hudson
rhavenn@rhavenn.net
------------------------------
"There are 10 kinds of people in the world: Those who understand binary and those who don't..."
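
Added example, not part of the original message or of Samba: a check for the follow-up step the reply describes. When winbind use default domain is not set, winbind presents domain accounts as DOMAIN\name, so bare names in a share's valid users list no longer refer to domain accounts. The [projects] share, the account names and the local_accounts allow-list are assumptions made for the illustration.

```python
import re

# Constructed member-server smb.conf: the [projects] share and all account names are hypothetical.
SAMPLE = r"""[global]
    workgroup = ECW
    security = domain
    password server = ECWSERVER
    # winbind use default domain = yes   (removed, as in the reply above)

[projects]
    path = /data/projects
    valid users = henrik, ECW\alice, @ecwusers, +"ECW\Domain Users", root
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased and spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def unqualified_entries(conf, local_accounts=("root",)):
    """Return (share, entry) pairs in 'valid users' that carry no DOMAIN prefix
    although winbind is not mapping bare names to the default domain."""
    glob = conf.get("global", {})
    if glob.get("winbind use default domain", "no").lower() in ("yes", "true", "1"):
        return []                                 # bare names resolve in the domain
    sep = glob.get("winbind separator", "\\")     # Samba's default separator
    findings = []
    for share, params in conf.items():
        entries = re.findall(r'[@+&]*"[^"]*"|[^,\s]+', params.get("valid users", ""))
        for entry in entries:
            name = entry.lstrip("@+&").strip('"')
            if name and sep not in name and name not in local_accounts:
                findings.append((share, entry))
    return findings

if __name__ == "__main__":
    for share, entry in unqualified_entries(parse_smb_conf(SAMPLE)):
        print(f"[{share}] valid users entry {entry!r} has no domain prefix")
```

A flagged entry may still be an intentional local Unix account; the list is a review aid, not a verdict.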