hullc65203
asked on
Can't logon to active directory with SUSE 10 samba computer
I've got 2 SUSE 10 servers running Samba. Both built at the same time, identical setups. Both were added to my AD. I set up samba shares on each, your basic "shared" and "workgroup" folders.
Both have been working well for basic file sharing until yesterday.
Office B's server doesn't seem to want to talk to the domain anymore. If I remove the server from AD on my Win 2003 machine, and re-add it, I can see the server name added to the AD. But if I try to logon to the domain, it tells me either the username or password were incorrect.
I looked in the Win2003 logs for failed logons, but there are none listed. Leads me to believe Samba isn't actually getting to the W2k3 machine.
I've put both SUSE configs (smb.conf, dns and hostname settings, etc) side-by-side and I don't see any difference.
Has anyone seen this before, or have an idea where I could look to resolve?
Both have been working well for basic file sharing until yesterday.
Office B's server doesn't seem to want to talk to the domain anymore. If I remove the server from AD on my Win 2003 machine, and re-add it, I can see the server name added to the AD. But if I try to logon to the domain, it tells me either the username or password were incorrect.
I looked in the Win2003 logs for failed logons, but there are none listed. Leads me to believe Samba isn't actually getting to the W2k3 machine.
I've put both SUSE configs (smb.conf, dns and hostname settings, etc) side-by-side and I don't see any difference.
Has anyone seen this before, or have an idea where I could look to resolve?
ASKER
If I do wbinfo I see users in the AD domain. If I run getent, I only see passwd/group for the local machine.
do you have an idmap range defined in the global section of smb.conf? i always add:
idmap backend = rid:DOMAIN=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = rid:DOMAIN=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
ASKER
I've got uid and gid, but don't have backend= in either smb.conf file.
Is DOMAIN "DOMAIN", or "MYDOMAIN.COM"?
Is DOMAIN "DOMAIN", or "MYDOMAIN.COM"?
just DOMAIN. you might also want to add the lines:
winbind enum users = yes
winbind enum groups = yes
if you don't already have them.
winbind enum users = yes
winbind enum groups = yes
if you don't already have them.
ASKER
Here's my sanitized smb.conf. Both machines have identical files.
[global]
workgroup = mycompany
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
idmap gid = 10000-20000
idmap uid = 10000-20000
security = domain
domain logons = No
domain master = No
passdb backend = smbpasswd
wins support = No
realm = MYCOMPANY.COM
template homedir = /home/%D/%U
winbind refresh tickets = yes
password server = *
usershare max shares = 100
template shell = /bin/bash
winbind offline logon = yes
ldap suffix =
wins server =
[global]
workgroup = mycompany
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
idmap gid = 10000-20000
idmap uid = 10000-20000
security = domain
domain logons = No
domain master = No
passdb backend = smbpasswd
wins support = No
realm = MYCOMPANY.COM
template homedir = /home/%D/%U
winbind refresh tickets = yes
password server = *
usershare max shares = 100
template shell = /bin/bash
winbind offline logon = yes
ldap suffix =
wins server =
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The next would be the pam configuration. I've had similar issues before and had to muddle with these files to fix my user login issues.
After you reconnect the SuSE install are you getting reasonable output from wbinfo -u/-g and getent passwd/group?