Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4504
  • Last Modified:

Samba - Winbind authentication has stopped working

I performed an up2date upgrade on a Fedora FC2 machine a couple of days ago and now Samba is refusing all connections saying 'access denied'.

I am using winbind for authentication against a NT4 PDC. Windbind appears to be working as 'winbind -u' returns a full list of users.

[root@file2backup samba]# wbinfo -a DOMAIN/username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

[root@file2backup samba]# wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user misdept%mis81024 with plaintext password
challenge/response password authentication succeeded

In my log files I am getting :-

[2004/09/09 09:15:15, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'username' does not exist


Samba winbind configuration :-
        winbind separator = /
        winbind cache time = 10
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        obey pam restrictions = yes

0
grblades
Asked:
grblades
  • 2
  • 2
1 Solution
 
grbladesAuthor Commented:
After the upgrade I had the following installed :-

samba-3.0.6-2.fc2.i386.rpm
samba-client-3.0.6-2.fc2.i386.rpm
samba-common-3.0.6-2.fc2.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

before the upgrade I had:-

samba-3.0.3-5.i386.rpm
samba-client-3.0.3-5.i386.rpm
samba-common-3.0.3-5.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

I have downgraded samba using the following command and it is now working again.
apt-get install samba=3.0.3-5 samba-client=3.0.3-5 samba-common=3.0.3-5

Any ideas what was going wrong?
0
 
GnsCommented:
Could it be a lib missmatch for libnss_winbind or somesuch? Or perhaps the clients not using the DOMAIN/username, and you not defining to use the default domain (and the default for that having changed... I've not checked that, this pure unadalterated speculation:-)?

-- Glenn
0
 
grbladesAuthor Commented:
I was testing it using my smb mount on my desktop computer which supplies all the login details and this is correct. It could be a library issue and certenly winbind was not resolving all the UID's back to the correct owner name so perhaps there is something with the database format.
Everything was installed using normal RPMs so there should not be any library mismatches.

I am migrating over from using NT4 domain controllers to using LDAP. It is quite a bit of work both on the server and every client but windows2003 server is just far too expensive for just a file server.
0
 
pegasysCommented:
check /etc/hosts.allow and /etc/hosts.deny

make sure that all:all is on in hosts.all (ONLY for test purposes)

if this works, tada! you just gotta config it :-)
0
 
GnsCommented:
> windows2003 server is just far too expensive for just a file server.
Oh so true:-).

-- Glenn
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now