Samba - Winbind authentication has stopped working

I performed an up2date upgrade on a Fedora FC2 machine a couple of days ago and now Samba is refusing all connections saying 'access denied'.

I am using winbind for authentication against a NT4 PDC. Windbind appears to be working as 'winbind -u' returns a full list of users.

[root@file2backup samba]# wbinfo -a DOMAIN/username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

[root@file2backup samba]# wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user misdept%mis81024 with plaintext password
challenge/response password authentication succeeded

In my log files I am getting :-

[2004/09/09 09:15:15, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'username' does not exist


Samba winbind configuration :-
        winbind separator = /
        winbind cache time = 10
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        obey pam restrictions = yes

LVL 36
grbladesAsked:
Who is Participating?
 
GnsConnect With a Mentor Commented:
Could it be a lib missmatch for libnss_winbind or somesuch? Or perhaps the clients not using the DOMAIN/username, and you not defining to use the default domain (and the default for that having changed... I've not checked that, this pure unadalterated speculation:-)?

-- Glenn
0
 
grbladesAuthor Commented:
After the upgrade I had the following installed :-

samba-3.0.6-2.fc2.i386.rpm
samba-client-3.0.6-2.fc2.i386.rpm
samba-common-3.0.6-2.fc2.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

before the upgrade I had:-

samba-3.0.3-5.i386.rpm
samba-client-3.0.3-5.i386.rpm
samba-common-3.0.3-5.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

I have downgraded samba using the following command and it is now working again.
apt-get install samba=3.0.3-5 samba-client=3.0.3-5 samba-common=3.0.3-5

Any ideas what was going wrong?
0
 
grbladesAuthor Commented:
I was testing it using my smb mount on my desktop computer which supplies all the login details and this is correct. It could be a library issue and certenly winbind was not resolving all the UID's back to the correct owner name so perhaps there is something with the database format.
Everything was installed using normal RPMs so there should not be any library mismatches.

I am migrating over from using NT4 domain controllers to using LDAP. It is quite a bit of work both on the server and every client but windows2003 server is just far too expensive for just a file server.
0
 
pegasysCommented:
check /etc/hosts.allow and /etc/hosts.deny

make sure that all:all is on in hosts.all (ONLY for test purposes)

if this works, tada! you just gotta config it :-)
0
 
GnsCommented:
> windows2003 server is just far too expensive for just a file server.
Oh so true:-).

-- Glenn
0
All Courses

From novice to tech pro — start learning today.