Solved

Samba - Winbind authentication has stopped working

Posted on 2004-09-09
5
4,440 Views
Last Modified: 2013-11-13
I performed an up2date upgrade on a Fedora FC2 machine a couple of days ago and now Samba is refusing all connections saying 'access denied'.

I am using winbind for authentication against a NT4 PDC. Windbind appears to be working as 'winbind -u' returns a full list of users.

[root@file2backup samba]# wbinfo -a DOMAIN/username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

[root@file2backup samba]# wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user misdept%mis81024 with plaintext password
challenge/response password authentication succeeded

In my log files I am getting :-

[2004/09/09 09:15:15, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'username' does not exist


Samba winbind configuration :-
        winbind separator = /
        winbind cache time = 10
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        obey pam restrictions = yes

0
Comment
Question by:grblades
  • 2
  • 2
5 Comments
 
LVL 36

Author Comment

by:grblades
ID: 12014152
After the upgrade I had the following installed :-

samba-3.0.6-2.fc2.i386.rpm
samba-client-3.0.6-2.fc2.i386.rpm
samba-common-3.0.6-2.fc2.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

before the upgrade I had:-

samba-3.0.3-5.i386.rpm
samba-client-3.0.3-5.i386.rpm
samba-common-3.0.3-5.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

I have downgraded samba using the following command and it is now working again.
apt-get install samba=3.0.3-5 samba-client=3.0.3-5 samba-common=3.0.3-5

Any ideas what was going wrong?
0
 
LVL 20

Accepted Solution

by:
Gns earned 500 total points
ID: 12028286
Could it be a lib missmatch for libnss_winbind or somesuch? Or perhaps the clients not using the DOMAIN/username, and you not defining to use the default domain (and the default for that having changed... I've not checked that, this pure unadalterated speculation:-)?

-- Glenn
0
 
LVL 36

Author Comment

by:grblades
ID: 12028580
I was testing it using my smb mount on my desktop computer which supplies all the login details and this is correct. It could be a library issue and certenly winbind was not resolving all the UID's back to the correct owner name so perhaps there is something with the database format.
Everything was installed using normal RPMs so there should not be any library mismatches.

I am migrating over from using NT4 domain controllers to using LDAP. It is quite a bit of work both on the server and every client but windows2003 server is just far too expensive for just a file server.
0
 
LVL 7

Expert Comment

by:pegasys
ID: 12031472
check /etc/hosts.allow and /etc/hosts.deny

make sure that all:all is on in hosts.all (ONLY for test purposes)

if this works, tada! you just gotta config it :-)
0
 
LVL 20

Expert Comment

by:Gns
ID: 12041922
> windows2003 server is just far too expensive for just a file server.
Oh so true:-).

-- Glenn
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question