Link to home
Start Free TrialLog in
Avatar of grblades
grbladesFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Samba - Winbind authentication has stopped working

I performed an up2date upgrade on a Fedora FC2 machine a couple of days ago and now Samba is refusing all connections saying 'access denied'.

I am using winbind for authentication against a NT4 PDC. Windbind appears to be working as 'winbind -u' returns a full list of users.

[root@file2backup samba]# wbinfo -a DOMAIN/username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

[root@file2backup samba]# wbinfo -a username%password
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user misdept%mis81024 with plaintext password
challenge/response password authentication succeeded

In my log files I am getting :-

[2004/09/09 09:15:15, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'username' does not exist


Samba winbind configuration :-
        winbind separator = /
        winbind cache time = 10
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        obey pam restrictions = yes

Avatar of grblades
grblades
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

After the upgrade I had the following installed :-

samba-3.0.6-2.fc2.i386.rpm
samba-client-3.0.6-2.fc2.i386.rpm
samba-common-3.0.6-2.fc2.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

before the upgrade I had:-

samba-3.0.3-5.i386.rpm
samba-client-3.0.3-5.i386.rpm
samba-common-3.0.3-5.i386.rpm
system-config-samba-1.2.9-2.noarch.rpm

I have downgraded samba using the following command and it is now working again.
apt-get install samba=3.0.3-5 samba-client=3.0.3-5 samba-common=3.0.3-5

Any ideas what was going wrong?
ASKER CERTIFIED SOLUTION
Avatar of Gns
Gns

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I was testing it using my smb mount on my desktop computer which supplies all the login details and this is correct. It could be a library issue and certenly winbind was not resolving all the UID's back to the correct owner name so perhaps there is something with the database format.
Everything was installed using normal RPMs so there should not be any library mismatches.

I am migrating over from using NT4 domain controllers to using LDAP. It is quite a bit of work both on the server and every client but windows2003 server is just far too expensive for just a file server.
Avatar of Adrian Sluijters
check /etc/hosts.allow and /etc/hosts.deny

make sure that all:all is on in hosts.all (ONLY for test purposes)

if this works, tada! you just gotta config it :-)
Avatar of Gns
Gns

> windows2003 server is just far too expensive for just a file server.
Oh so true:-).

-- Glenn