Issue
When trying to mount the samba share on the domain member server sysimage from Windows, I receive the error "There are currently no logon servers available to service this logon request". When trying to mount.cifs from the PDC to the samba share on sysimage, I receive the error "mount error(13): Permission denied".
Background:
PDC is ClearOS 5.2 named "dc0"
Samba file server is CentOS 5.5 x86_64 named "sysimage"
dc0 Samba version is samba-3.5.5-1.1.v5.i386
sysimage Samba version is samba-3.0.33-3.29.el5_5.1.x86_64
dc0 is configured correctly to my knowledge: Windows machines can join the domain, domain users can log into Windows machines, user directories are mapped properly, and logon scripts run properly.
sysimage LDAP authentication is set up as shown in "Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution" from Samba's documentation.
getent passwd correctly shows local and domain users on sysimage
getent group correctly shows local and domain groups on sysimage
sysimage was successfully joined to the domain using the above documentation.
I cannot log in to sysimage using a domain account, but I can log in as root and then su - to a domain account and can write to files/folders that that account has permission to.
I can chown files and folders to domain users and groups with no issue.
wbinfo -t output on sysimage:
Code:
checking the trust secret via RPC calls succeeded
wbinfo -u displays domain users
wbinfo -g displays domain groups
wbinfo -a domainUserName%domainUserPassword output:
Code:
plaintext password authentication succeeded
challenge/response password authentication succeeded
The ll output on my shared directory is:
Quote:
[root@sysimage ~]# ll /srv/
total 8
drwxrwx--- 2 root domain_users 4096 Nov 23 17:48 test
smb.conf on sysimage
Code:
[global]
unix charset = LOCALE
workgroup = PLPNETWORK
security = DOMAIN
username map = /etc/samba/smbusers
log level = 10
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
wins server = 192.168.0.2
winbind trusted domains only = Yes
# LDAP
include = /etc/samba/smb.ldap.conf
# Winbind
include = /etc/samba/smb.winbind.conf
[test]
comment = Test Share
path = /srv/test
valid users = %S
read only = No
browseable = Yes
available = Yes
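One check worth running against a config like the [test] share above is how Samba expands `valid users = %S`: `%S` is the name of the current service, which equals the user name only for the [homes] share. The script below is an added example, not from the original post; it parses a constructed smb.conf modelled on the one above (names `parse_smb_conf`, `expand`, `admitted_shares` and the sample user `jdoe` are assumptions) and reports which shares would admit a given domain user.

```python
# Added example (not from the post): expand Samba's %S / %U macros in
# 'valid users' and report which shares admit a given domain user.
import configparser
import io

# Constructed sample in the shape of the post's smb.conf (include lines omitted).
SAMPLE_SMB_CONF = """
[global]
workgroup = PLPNETWORK
security = DOMAIN

[test]
comment = Test Share
path = /srv/test
valid users = %S
read only = No

[homes]
valid users = %S
"""

def parse_smb_conf(text):
    # interpolation=None keeps %S/%U literal; smb.conf uses '=' only, so
    # keys such as 'idmap alloc config : ldap_url' do not split on ':'.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_file(io.StringIO(text))
    return cp

def expand(value, service, user):
    # Samba replaces %S with the service (share) name and %U with the requested
    # user name; only for [homes] does the service name equal the user name.
    return value.replace("%S", service).replace("%U", user)

def admitted_shares(conf, user, groups=()):
    """Return {share: (resolved 'valid users' list, admitted?)} for every share."""
    result = {}
    for section in conf.sections():
        if section == "global":
            continue
        service = user if section == "homes" else section
        raw = conf.get(section, "valid users", fallback="")
        names = [n.strip() for n in expand(raw, service, user).split(",") if n.strip()]
        # Empty list: any authenticated user; a '@', '+' or '&' prefix names a group.
        ok = not names or any(
            n.lstrip("@+&") in groups if n[0] in "@+&" else n.lower() == user.lower()
            for n in names)
        result[section] = (names, ok)
    return result
```

Calling `admitted_shares(parse_smb_conf(SAMPLE_SMB_CONF), "jdoe", {"domain_users"})` shows [test] resolving to `valid users = test` (denied for jdoe) while [homes] resolves to `jdoe` (allowed); `testparm -s` on the server prints the same effective share settings for the real config.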
smb.ldap.conf on sysimage
Code:
passdb backend = ldapsam:ldap://192.168.0.2
ldap admin dn = cn=manager,cn=internal,dc=PLPNetwork,dc=com
ldap group suffix = ou=Groups,ou=Accounts
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers,ou=Accounts
ldap passwd sync = yes
ldap suffix = dc=PLPNetwork,dc=com
ldap user suffix = ou=Users,ou=Accounts
ldap connection timeout = 8
smb.winbind.conf on sysimage
Code:
idmap backend = ldap:ldap://192.168.0.2/
idmap uid = 10000000-19999999
idmap gid = 10000000-19999999
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://192.168.0.2
idmap alloc config : ldap_base_dn = ou=idmap,dc=PLPNetwork,dc=com
idmap alloc config : ldap_user_dn = cn=manager,cn=internal,dc=PLPNetwork,dc=com
/etc/ldap.conf from sysimage
Code:
URI ldap://dc0.plpnetwork.com ldap://dc0.plpnetwork.com:636
host 192.168.0.2
base dc=PLPNetwork,dc=com
binddn cn=manager,cn=internal,dc=PLPNetwork,dc=com
bindpw XXXXXXXXXXXXXXXXX
pam_password exop
nss_base_passwd ou=Users,ou=Accounts,dc=PLPNetwork,dc=com?one
nss_base_shadow ou=Users,ou=Accounts,dc=PLPNetwork,dc=com?one
nss_base_group ou=Groups,ou=Accounts,dc=PLPNetwork,dc=com?one
ssl no
/etc/nsswitch.conf on sysimage
Code:
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files
aliases: files
smb.conf from dc0 minus shares info
Code:
[global]
# Setting password change timeout
passwd chat timeout = 10
# General
netbios name = dc0
workgroup = PLPNETWORK
server string = Domain Controller for PLPNetwork
# Logging
syslog = 0
log level = 1
log file = /var/log/samba/%L-%m
max log size = 0
utmp = Yes
# Network
bind interfaces only = yes
interfaces = lo eth0
smb ports = 139
# Printing
printcap name = /etc/printcap
load printers = Yes
# Security settings
security = user
guest account = guest
#restrict anonymous = 2
# WINS
wins support = Yes
wins server =
# PDC
domain logons = Yes
add machine script = /usr/sbin/samba-add-machine "%u"
logon drive =
logon script = logon.exe
logon path =
logon home =
# Other
preferred master = Yes
domain master = Yes
unix password sync = Yes
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
username map = /etc/samba/smbusers
wide links = No
# LDAP
include = /etc/samba/smb.ldap.conf
# Winbind
include = /etc/samba/smb.winbind.conf
smb.winbind.conf from dc0
Code:
# This file is automatically updated by ldapsync -- please do not edit.
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 10000000-19999999
idmap gid = 10000000-19999999
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1
idmap alloc config : ldap_base_dn = ou=idmap,dc=PLPNetwork,dc=com
idmap alloc config : ldap_user_dn = cn=manager,cn=internal,dc=PLPNetwork,dc=com
smb.ldap.conf from dc0
Code:
# This file is automatically updated by ldapsync -- please do not edit.
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=manager,cn=internal,dc=PLPNetwork,dc=com
ldap group suffix = ou=Groups,ou=Accounts
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers,ou=Accounts
ldap passwd sync = no
ldap suffix = dc=PLPNetwork,dc=com
ldap user suffix = ou=Users,ou=Accounts
ldap connection timeout = 8
ldap.conf from dc0
Code:
# This file is automatically updated by ldapsync -- please do not edit.
host localhost
base dc=PLPNetwork,dc=com
scope sub
timelimit 50
pagesize 20000
bind_policy soft
pam_lookup_policy yes
pam_password exop
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
ssl no
ldap_version 3
pam_filter objectclass=posixAccount
nss_base_passwd ou=Users,ou=Accounts,dc=PLPNetwork,dc=com
nss_base_passwd ou=Computers,ou=Accounts,dc=PLPNetwork,dc=com
nss_base_shadow ou=Users,ou=Accounts,dc=PLPNetwork,dc=com
nss_base_group ou=Groups,ou=Accounts,dc=PLPNetwork,dc=com
tls_checkpeer no
Any help would be greatly appreciated.