Samba config on CentOS 4.3
Hi,
First, sorry if this is a bit long. I've been working on this for a few days and it is not working. I think that I am pretty close to a solution but I don't know what to do next. I posted this on the Samba list a few days ago but got no answers so I'm trying here.
What I want to do: I want to join my Linux box to my Windows domain so that the share on the Linux box will be accessible from our Windows machines using our Windows logons. Simple, no?
But I'm having problems finding what is wrong with my setup. Running Samba 3.0.10-1.4E.6 on CentOS 4.3. PDC is AD on Windows 2003.
Samba and winbind services are running.
My smb.conf file:
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/05/30 10:52:16
# Global parameters
[global]
workgroup = MONTREAL
realm = CASTORTECH.COM
interfaces = eth0
security = ADS
password server = castor-srvr1
wins server = 192.168.64.20
[Main]
comment = Test
path = /
guest ok = yes
writeable = yes
I was able to join the domain with net ads join. I see the Linux box in AD. I also see it in my Network Places on Windows and the share called Main but it asks for a user/password when I try to access it and it doesn't work.
If I run net ads testjoin:
Join is OK
If I run net ads info:
LDAP server: 192.168.64.20
LDAP server name: castor-srvr1
Realm: CASTORTECH.COM
Bind Path: dc=CASTORTECH,dc=COM
LDAP port: 389
Server time: Fri, 02 Jun 2006 14:04:26 GMT
KDC server: 192.168.64.20
Server time offset: -947
If I run net ads lookup:
Information for Domain Controller: castor-srvr1
Response Type: SAMLOGON
GUID: e7508a6a-4561-4440-b45c-9fd246d4c93c
Flags:
Is a PDC: yes
Is a GC of the forest: yes
Is an LDAP server: yes
Supports DS: yes
Is running a KDC: yes
Is running time services: yes
Is the closest DC: yes
Is writable: yes
Has a hardware clock: no
Is a non-domain NC serviced by LDAP server: no
Forest: castortech.com
Domain: castortech.com
Domain Controller: castor-srvr1.castortech.com
Pre-Win2k Domain: MONTREAL
Pre-Win2k Hostname: CASTOR-SRVR1
Site Name: Default-First-Site-Name
Site Name (2): Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
Net ads user also returns a list of the domain's users.
Wbinfo -u and -g return a list of the domain's users and groups.
But if I run wbinfo -a simon%bvhdohgo I get:
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user simon%bvhdohgo with plaintext password
challenge/response password authentication succeeded
I also tried with administrator but I got the same result.
But I ran wbinfo --set-auth-user=administrator%pass and get MONTREAL\administrator%pass if I run wbinfo --get-auth-user. So it is able to get the domain info. I don't get it.
And of course, getent passwd returns the local users, not the ones from the domain.
Passwd, shadow and group are set as files winbind in /etc/nsswitch.conf.
Any idea what is wrong and what I should check next?
I'm getting desperate...
Thanks!
Simon