grblades
asked on
Samba - Winbind authentication has stopped working
I performed an up2date upgrade on a Fedora FC2 machine a couple of days ago and now Samba is refusing all connections saying 'access denied'.
I am using winbind for authentication against a NT4 PDC. Windbind appears to be working as 'winbind -u' returns a full list of users.
[root@file2backup samba]# wbinfo -a DOMAIN/username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@file2backup samba]# wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user misdept%mis81024 with plaintext password
challenge/response password authentication succeeded
In my log files I am getting :-
[2004/09/09 09:15:15, 1] nsswitch/winbindd_group.c: winbindd_g etgroups(1 059)
user 'username' does not exist
Samba winbind configuration :-
winbind separator = /
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = yes
I am using winbind for authentication against a NT4 PDC. Windbind appears to be working as 'winbind -u' returns a full list of users.
[root@file2backup samba]# wbinfo -a DOMAIN/username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@file2backup samba]# wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user misdept%mis81024 with plaintext password
challenge/response password authentication succeeded
In my log files I am getting :-
[2004/09/09 09:15:15, 1] nsswitch/winbindd_group.c:
user 'username' does not exist
Samba winbind configuration :-
winbind separator = /
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = yes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was testing it using my smb mount on my desktop computer which supplies all the login details and this is correct. It could be a library issue and certenly winbind was not resolving all the UID's back to the correct owner name so perhaps there is something with the database format.
Everything was installed using normal RPMs so there should not be any library mismatches.
I am migrating over from using NT4 domain controllers to using LDAP. It is quite a bit of work both on the server and every client but windows2003 server is just far too expensive for just a file server.
Everything was installed using normal RPMs so there should not be any library mismatches.
I am migrating over from using NT4 domain controllers to using LDAP. It is quite a bit of work both on the server and every client but windows2003 server is just far too expensive for just a file server.
check /etc/hosts.allow and /etc/hosts.deny
make sure that all:all is on in hosts.all (ONLY for test purposes)
if this works, tada! you just gotta config it :-)
make sure that all:all is on in hosts.all (ONLY for test purposes)
if this works, tada! you just gotta config it :-)
> windows2003 server is just far too expensive for just a file server.
Oh so true:-).
-- Glenn
Oh so true:-).
-- Glenn
ASKER
samba-3.0.6-2.fc2.i386.rpm
samba-client-3.0.6-2.fc2.i
samba-common-3.0.6-2.fc2.i
system-config-samba-1.2.9-
before the upgrade I had:-
samba-3.0.3-5.i386.rpm
samba-client-3.0.3-5.i386.
samba-common-3.0.3-5.i386.
system-config-samba-1.2.9-
I have downgraded samba using the following command and it is now working again.
apt-get install samba=3.0.3-5 samba-client=3.0.3-5 samba-common=3.0.3-5
Any ideas what was going wrong?