Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 31 Jan 2007 14:37:19 -0500
From:      Alex Wang <hadyn_whx@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   samba 3.0.23d can't get work
Message-ID:  <20070131142242.9A95.HADYN_WHX@hotmail.com>

next in thread | raw e-mail | index | archive | help
Hi All

I upgrade samba from 3.0.22 to 3.0.23d through port tree. After that the
samba server stop working.

I can run wbinfo -u and wbinfo -g to get user/group list.

i can run wbinfo -a username%password and get 
plaintext password authentication succeeded
challenge/response password authentication succeeded

I use net ads join to my domain. 

The "net groupmap list" shows
Administrators (S-1-5-32-544) -> 502
Users (S-1-5-32-545) -> 503
But not full domain user list.

Same configuration was working under 3.0.22. I heard the 3.0.23 changed
a lot in the winbind mapping... But anyone can help me out?


Following are config file list.

smb.conf
[global]
        workgroup = TEST
        realm = TEST.COM
        server string = Samba Server
        security = ADS
        allow trusted domains = No
        password server = dc
        syslog only = Yes
        log level =3
        log file = /var/log/samba/smb.log
        max log size = 50
        dns proxy = No
        wins server = 192.168.0.10
        passdb expand explicit = No
        idmap backend = rid:TEST=1000-20000
        idmap uid = 1000-20000
        idmap gid = 1000-20000
        template homedir = /usr/samba/%U
        template shell = /bin/sh
        winbind cache time = 3600
        winbind use default domain = Yes
        winbind nested groups = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        hosts allow = 192.168.0.

[Test]
        path = /usr/samba
        read only = No

[Software]
        comment = Application
        path = /usr/samba/software
        valid users = @"Domain Users",@"Domain Admins"
        read only = Yes
        write list = @"Domain Admins"
        create mode = 0777
        directory mode = 0777

nsswitch.conf
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
shadow: files winbind

krb5.conf
[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

[libdefaults]
        default_realm = TEST.COM
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        forwardable = yes

[realms]
        STEELCARE.COM = {
        kdc = dc.test.com
        admin_server = dc.test.com
        default_domain = test.com
        }

[domain_realms]
        .kerberos.server = TEST.COM
        .steelcare.com = TEST.COM

[appdefaults]
        pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
        }


Thanks a lot


Alex









Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070131142242.9A95.HADYN_WHX>