From owner-freebsd-questions@FreeBSD.ORG Sun Sep 3 18:59:08 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0BA516A4E1 for ; Sun, 3 Sep 2006 18:59:08 +0000 (UTC) (envelope-from atom.powers@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1399943D45 for ; Sun, 3 Sep 2006 18:59:07 +0000 (GMT) (envelope-from atom.powers@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so1087458nfc for ; Sun, 03 Sep 2006 11:59:06 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RtMiCIGd8p0tMoKYlWTXfHbTJe92vKM4CuQnjNBmj/6vXeIjnTOHfAyrwTLKhCZH0tyIlfVBi5pZPc3bKBR2wK1a09m8uxYpUGNhJpLGsPtA2ihxSxMjDGuejGHx9EPrOCbaCtO6AgqpVFox/2bdtzvDZh/lGJF7NgyA/DVWPps= Received: by 10.49.8.10 with SMTP id l10mr5744076nfi; Sun, 03 Sep 2006 11:59:06 -0700 (PDT) Received: by 10.49.67.14 with HTTP; Sun, 3 Sep 2006 11:59:06 -0700 (PDT) Message-ID: Date: Sun, 3 Sep 2006 11:59:06 -0700 From: "Atom Powers" To: rhavenn@rhavenn.net In-Reply-To: <200609031346.05261.rhavenn@rhavenn.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200609031346.05261.rhavenn@rhavenn.net> Cc: freebsd-questions@freebsd.org Subject: Re: samba problem; member server can't authenticate X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Sep 2006 18:59:08 -0000 On 9/3/06, Henrik Hudson wrote: > > I have a Samba PDC and a Samba Member Server. > > The Samba PDC works fine, but the problem is that the Member Server can't > authenticate users and let me browse file shares and i always get the error: > NT_STATUS_NO_LOGON_SERVERS Sounds like your member server can't contact the pdc's logon service. > the wierd thing is that sometimes: SMBCLIENT -L ECWTEST > will work and list my shares. However, the first time I actually try to > authenticate a user to browse a share the whole shebang stops and I get the > above error. I'm using Konqueror and smb://ecwtest/sharename to connect. Try to always use FQDN (ecwtest.domain.blah); or be very careful and complete in the way you set up your name resolution (WINS, DNS). Especially if you have hosts on different subnets. > I don't need to make any PAM changes to allow just file / share authentication > do I? No. Samba doesn't use PAM. > One thing, the member server is a new rebuild of a machine with the same name > and the PDC is a upgrade using the TDBs, etc.. from backup. I did remove the > machine account from the PDC and then re-added it using net join and that > worked fine. > > I ran through the test at the back of the "offical book" and all of them work > except the actual sharing and the nmblookup -d 2 '*' on the member server > and of course the smbclient specific ones. nmblookup is a WINS resolution tool. If your WINS server is not configured and functioning and your computers are on different subnets (or have blocking firewalls) you will have problems. If you don't use FQDN samba will, probably, be using WINS to resolve your host names. > > the member server smb.conf: > > # Global parameters > [global] > workgroup = ECW > netbios name = ECWTEST > #server string = Samba %v on %L > server string = > security = domain > password server = ECWSERVER Make that an FQDN hostname or ip address. > wins server = 10.0.0.6 > encrypt passwords = yes > idmap uid = 15000-20000 > idmap gid = 15000-20000 > winbind use default domain = yes > guest ok = yes > follow symlinks = no > case sensitive = no > os level = 33 > > preferred master = no > domain master = no > > #bind interfaces only = yes > #interfaces = fxp0 lo0 > #hosts deny = ALL > #hosts allow = 10.0.0.0/24 127. > > name resolve order = hosts wins bcast > And check your firewall rules. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--