Ubuntu Servers :: Samba BDC Not Authenticating Users
Jul 18, 2010
I have two Ubuntu 10.04 64-bit servers running Samba (3.4.7) and OpenLDAP (2.4.21). The LDAP directory is successfully replicating between the two servers. These servers also serve as LDAP servers for sudo, pam, nss, and other services for a dozen servers without issues. The BDC Samba is configured to use itself for LDAP. I connected to the BDC using the Samba LDAP credentials and verified I could a) see the Computer object b) read NTPassword and LMPassword. The workstations can authenticate to the domain successfully against the PDC. If a workstation boots and connects to the BDC, the login fails with:
[2010/07/18 11:46:23, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
get_md4pw: Workstation MACHINENAME$: no account in domain
[2010/07/18 11:46:23, 0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: failed to get machine password for account MACHINENAME$: NT_STATUS_ACCESS_DENIED
Successful authentication against the PDC shows:
[2010/07/18 11:59:20, 1] smbd/service.c:1063(make_connection_snum)
MACHINENAME (192.168.2.145) connect to service netlogon initially as user username (uid=30000, gid=512) (pid 1727)
[2010/07/18 11:59:20, 1] smbd/service.c:1063(make_connection_snum)
MACHINENAME (192.168.2.145) connect to service data initially as user nobody (uid=65534, gid=65534) (pid 1727) .....
All of a sudden a working Samba server is not allowing logins and denies users permission to access its shares. When I checked, the server directory rights are the same, with no changes, and smb.conf is also the same. When I checked closely I found the following error.
1. smbd.log show the following messages
[2011/06/14 16:07:15, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2011/06/14 16:07:15, 0] lib/util_sock.c:read_data(540)
read_data: read failure for 4 bytes to client 0.0.0.0. Error = Connection reset by peer
[2011/06/14 16:07:36, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2011/06/14 16:07:36, 0] lib/util_sock.c:get_peer_addr(1232)
If I want to add Windows & Mac users as Samba users, must I first add them all as Ubuntu users? If so, since none of the other users will actually be working on the Ubuntu Server, how do I disable the other non-admin users on the Ubuntu Server login screen? I am using Webmin to administer some server settings, and command line for others.
I have a problem with sendmail. I am using the zen.spamhaus.org DNSBL, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic IP range from any ISP remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate, right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from ISP subnets. But I don't want to block my users that are sitting on ISP subnets using their mail client to authenticate over SMTP and send an email from my mail servers.
First, I'm extremely green with Linux. I'm trying to configure my CentOS 5.2 box to authenticate my SSH users with my Active Directory. What would be the best way to go about doing that? I've configured Winbind and joined it to the domain but I'm not able to login locally or SSH with an AD account. I'm not sure where to go from here. Also my users will not be accessing any file shares on this box, SSH only.
I am trying to set up my openSUSE 11.3 server as a PDC using OpenLDAP and Samba. I am continuously getting a network path not found error message on my Windows XP box. I already verified that the network settings are good.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2010-07-05
[global]
When I try to add a user to Samba (using the GNOME UI) in F12, after I enter all the information and click OK, it will just hang for about 20 seconds, and then do nothing. The window is still there, I click OK again and same thing. Here are the steps I followed:
1) click preferences, Samba Users...
2) click add user
3) select user "joe" (example) from drop down of users
4) enter "joe" windows user name
5) enter password for joe (same as user password)
6) click OK
7) hangs 20 seconds then nothing. Window is still there. Click OK again, same thing, no user added
Below is marina, a sales rep, and brian, a super user of sorts.
id marina:
Code:
uid=1011(marina) gid=1006(office) groups=1006(office),1005(sales)
id nick:
Code:
uid=1000(brian) gid=1006(office) groups=1006(office),118(admin),1001(full),1002(processing),1003(management),1004(it),1005(sales)
Below is the directory with all the sales reps folders.
ls -la:
Code:
total 60
drwxrwxr-x 15 root it 4096 2011-02-10 20:06 .
drwxr-x--- 9 root office 4096 2010-11-19 12:40 ..
drwxrwx--- 13 katya full 4096 2010-12-07 12:36 Katya
drwxrwx--- 18 lana full 4096 2011-02-08 17:09 Lana
drwxrwx--- 23 marina full 4096 2011-02-10 18:09 Marina
drwxrwx--- 4 mike full 4096 2011-02-01 12:42 Mike
With this setup marina should only be able to browse her folder, but she can browse all folders and has full write access to all folders. This leads me to believe something is up with the smbd.conf file, which is below.
Code:
[global]
workgroup = COMTREAD
null passwords = no
server string = Root Server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
.....
In this case the valid users directive would not work because I am not making a share for each user. I had this on other shares like the db2 share. My Windows box lagged heavily when I tried to access that share with an invalid user. How to deny users the ability to modify permissions? I would also like to do that.
I want to use Samba in Ubuntu. For Samba users I make a user in my Linux box like
# useradd smith
# useradd jone
These users can also log in to my Ubuntu system if they want. For Samba I want to know: is there any way to create a separate valid list of Samba users so that they may access files from Windows XP?
How can I set permissions for users within the share? Example: I have a share called Programming and some users can create folders within it; most others cannot, but can read the documents. How do I set permissions?
I've installed Ubuntu Server 7.10 Gutsy and Webmin 1.500 on it. The thing that I want to do is: I want to share a folder and subfolders for Windows users (guest user). I should modify those folders from my Ubuntu desktop 9.10 Karmic; they are all the same folders. Is it possible? If yes, how can I do it? You can tell from Webmin or the Samba configuration file.
In my ongoing hunt for a Samba GUI that is feature packed, well supported, easy to use, yet doesn't suck, I found myself tinkering with eBox. I have it installed and fired up but I'm a little confused. I can add a Samba share - okay great. But I sorta need to add users. Where on earth can I add users? The users and group section of eBox doesn't appear to be related to what I need, and I also cannot get into the access control section of the very share I just created.
I have Ubuntu server 10.04 joined to a domain using Likewise Open. I can login using my domain credentials and have added my domain account to the sudoers file. Now that I've got it joined to the domain I want to add some samba shares and have domain members use their accounts to access them. However, no matter what combination of my domain name and the domain user or group I use in the valid users field it won't let me in. What's the proper way of inputting a domain user or group in the valid user field?
This is the entry I'm using for the share:
Code:
[testshare]
path = /srv/testshare
valid users = @"Domain Name+Domain Group" (Have tried many things here)
public = no
writable = yes
printable = no
create mask = 0765
I don't know if the problem is the way I create my shares on the Domain member, but here is the way I've configured my systems. My systems are home based, and though the topology may be all wrong, it's set up this way only for test purposes. I love to get things up and running. I've already had a Domain Member running under Samba 3.02xx (CentOS), but I'm having problems under Ubuntu and Samba 3.40
The server called Citadel is a VMware Server. I've got 3 virtual machines on this server, 2 Ubuntu 9.10 servers, and 1 Windows XP Pro. One of my virtual servers is called Winserver, a Samba PDC server using TDBSAM as its backend. Configured and working well. I have a share that I can access. On my Windows XP, I'm a domain member, able to access my WinserverServer share "Linux Doc", but when I try to access my domain member, it keeps asking me to login.
I need to set up ssh/sftp/network shares all authenticating with AD. I want to use Likewise to do the auth, but to mount the network shares I need to use an older version of Samba so it can connect with Likewise. How can I go about installing an older version of Samba onto this new distro of the OS? I've tried installing the lenny and etch versions but I always get an error during install just saying that samba errored.
I have configured a Samba server on a Fedora machine and I am trying to authenticate a WinXP machine through the Samba server, but the issue is the WinXP machine is not becoming part of the domain. The error is: A domain controller for the domain HOMEDOMAIN could not be contacted. Ensure that the domain name is typed correctly. If the name is correct, click Details for troubleshooting information.
Here is the configuration file text:
# Samba config file created using SWAT
# from UNKNOWN (8)
# Date: 2010/01/31 18:51:36
[global]
workgroup = HOMEDOMAIN
server string = Samba as Domain Controller.
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
I work as a system administrator for AIX and Linux servers. We have an FTP server running on Linux which has folders shared to the Windows domain using Samba. The new requirement is to map users created on the Linux machine to Windows users in such a way that, when a user logs in to a Windows machine with an ID, say "X123", in domain "TEST", his access control to the Samba shares should be based on the same user ID created on the Linux machine. (FYI: both the Windows and Linux machines are in the same network and domain.) Please let me know the step by step procedure to configure the Linux machine (smb.conf entries or any new file to be created for user mapping) to identify the Windows user login and provide access restrictions accordingly.
I wish to prevent the samba messages (mainly nmbd and winbindd) from appearing in the system log (/var/log/messages). I want to allow samba logging to the standard samba logfiles, but prevent the syslog getting clogged up by samba. I added syslog = 0 to smb.conf and reloaded the config but the messages were still appearing. I also tried the following (and restarted the syslog via /sbin/service syslog restart) # Suppress messages from samba.
For interest's sake the messages I'm getting are below (I'm not concerned about the messages themselves, I can chase them up at my leisure via the samba logs)
Mar 18 09:58:29 SERVER nmbd: query_name_response: Multiple (2) responses received for a query on subnet xx.yy.z.zz for name DOMAIN<1d>.
Mar 18 09:58:29 SERVER nmbd: This response was from IP xx.yy.z.zz, reporting an IP address of xx.yy.z.zz.
If I try to connect to my Samba server with one user ("alex"), everything works fine. If I try to connect with a different user, ("guest"), I receive the error:
Code:
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Both users have been added as samba users using `smbpasswd -a`. These are the settings I've added in my smb.conf file:
I have configured a few folders accessed by 3 users. In the common folder only the user that created a document can make changes. The rest of the users can only read the file but cannot make changes. Ownership of the folder is admin, group is sambashare, which already has access to create and delete files. All 3 users are already in the sambashare main group, and they can only edit the files that they copy or create in the common folder .........
All I want is a simple Samba installation that anonymous users/guests can access. I have modified the smb.conf file so much using 'tips' that should enable a simple folder share. Nothing works. If I share the folder using Nautilus share then the folder is accessible without any credentials from only Win7 and Android ES File Explorer. XP can't see the folder, nor can any other Linux device. I want to switch to Linux as a main OS but without shares it's not practical. Does anyone have a stripped down smb.conf which provides guest access to a single folder?
Here's the latest testparm -s
Code:
$ testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
workgroup = MSHOME
server string = %h server (Samba, LinuxMint)
security = SHARE
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
path = /home/mint/Shared
read only = No
create mask = 0777
guest ok = Yes

[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
create mask = 0700
guest ok = No
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
read only = Yes
guest ok = No
I've done all this config [URL] This config for the "foo" folder:
("pruebas" is a user)
[foo]
path = /home/pruebas
ready only = no
guest ok = yes
I have the [HOME] code too; everything is fine with it, and I can't connect with another user ("alfredo") from Red Hat to Windows XP with no problem... but as soon as I double click in "foo" directory, appears this:
Already tried to disconnect from windows the directories with "net use" but it doesn't work
At my office we have a Samba server; staff access their respective folders from their Windows XP systems. I wish to track all user access activity like file creation, modification, deletion, etc. I tried smbstatus -v; from the output I am not able to guess what the user has done. I am giving some of the results I get; please help me, or suggest the best way to get an access log.
Samba version 3.0.25b-0.el5.4
PID Username Group Machine
14721 govind govind tsl-019 (10.0.2.64)
4832 chandra chandra trivent-9b92c9c (10.0.2.106)
Service pid machine Connected at
I'm not sure if this is even possible and I've tried searching, but I can't seem to figure it out. I have a few shares set up in Samba. I want them to prompt for a username and password. If an invalid user/pass is entered I want the user to be authenticated as a guest.