| View previous topic :: View next topic |
| Author |
Message |
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
 Posted: Fri Feb 16, 2007 9:59 am Post subject: Domain authentication fails on Samba 3.0.24 [Solved] |
 |
|
Hi,
I have recently upgraded Samba like I usually do when a new version comes out. However, this time when I try to mount a share from a windows machine I get prompted for a username/password instead of the PDC handling the authentication like before.
If I downgrade to Samba-3.0.22-r3 without changing any of my config files or use flangs everything works fine! 
Here is the emerge options used in the downgrade:
| Code: | [ebuild UD] net-fs/samba-3.0.22-r3 [3.0.24] USE="acl -async -automount -cups -doc -examples (-fam%) kerberos -ldap -ldapsam% -libclamav% mysql%* -oav pam -postgres% python -quotas readline (-selinux) -swat -syslog winbind xml%*" LINGUAS="(-ja%) (-pl%)" 17,148 kB
Total: 1 package (1 downgrade), Size of downloads: 17,148 kB |
Does anyone know of a new "default" option that I need to disable for this to work?
Last edited by richard.scott on Tue Mar 27, 2007 8:22 pm; edited 1 time in total |
|
| Back to top |
|
 |
RaymaN
Tux's lil' helper
Joined: 15 Aug 2002
Posts: 93
Location: Earth, Europe, Germany, Berlin
|
| Posted: Fri Feb 16, 2007 3:25 pm Post subject: |
|
|
| the same problem here! any ideas? |
|
| Back to top |
|
|
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
| Posted: Fri Feb 16, 2007 3:41 pm Post subject: |
|
|
| RaymaN wrote: | | the same problem here! any ideas? |
I mean this in the nicest possible way: Phew  .... I thought I was the only one!
I've stuck with Samba-3.0.22-r3 for now  ..... its not a fix, but my server is in constant use!! |
|
| Back to top |
|
|
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
|
| Back to top |
|
|
darkphader
Veteran
Joined: 09 May 2002
Posts: 1225
Location: Motown
|
| Posted: Thu Feb 22, 2007 7:15 pm Post subject: |
|
|
Release Notes for Samba 3.0.23b
| Quote: | Since Samba 3.0.8, it has been recommended that all domain accounts
listed in smb.conf on a member server be fully qualified with the
domain name. This is now a requirement. |
Chris
_________________
WYSIWYG - What You See Is What You Grep |
|
| Back to top |
|
|
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
| Posted: Thu Feb 22, 2007 7:35 pm Post subject: |
|
|
| darkphader wrote: | Release Notes for Samba 3.0.23b
| Quote: | Since Samba 3.0.8, it has been recommended that all domain accounts
listed in smb.conf on a member server be fully qualified with the
domain name. This is now a requirement. |
Chris |
<whistling> oops, thanks Crhis.....I must have skipped over that part thinking it was directly to do with an older version 
I'll test this tomorrow and mark the ticket as solved once I'm happy!
Many thanks for your help  |
|
| Back to top |
|
|
nianderson
Guru
Joined: 06 May 2003
Posts: 369
Location: Lawrence, KS
|
| Posted: Tue Mar 27, 2007 7:00 pm Post subject: |
|
|
| So did that solve it for you? |
|
| Back to top |
|
|
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
| Posted: Tue Mar 27, 2007 8:23 pm Post subject: |
|
|
| nianderson wrote: | | So did that solve it for you? |
It sure did, using domain+username in my config fixed it!
feel a bit of a muppet now |
|
| Back to top |
|
|
nianderson
Guru
Joined: 06 May 2003
Posts: 369
Location: Lawrence, KS
|
| Posted: Wed Mar 28, 2007 12:22 am Post subject: |
|
|
can you post snippets of what you fixed? Ive got some issue with upgrading to .24
| Code: |
ldap_initialize: Bad parameter to an ldap r
outine |
does that look similar to what you were getting? |
|
| Back to top |
|
|
richard.scott
Veteran
Joined: 19 May 2003
Posts: 1497
Location: Oxfordshire, UK
|
| Posted: Wed Mar 28, 2007 10:04 am Post subject: |
|
|
| nianderson wrote: | can you post snippets of what you fixed? Ive got some issue with upgrading to .24
| Code: |
ldap_initialize: Bad parameter to an ldap r
outine |
does that look similar to what you were getting? |
Nope, I was only getting an authentication fail for a domain user trying to access a share. I found out that I need to use the following in my smb.conf:
| Code: | [global]
winbind use default domain = yes
winbind separator = + |
and the change this in the share config:
| Code: | | valid users = r.scott |
To this:
| Code: | | valid users = DOMAIN+r.scott |
Once I did that, it all worked again.
Perhaps there is a similar thing for doing ldap lookups?
From doing a quick google I found the following:
http://www.mail-archive.com/samba@lists.samba.org/msg82548.html
it suggests using the following in your [global] area:
| Code: | | passdb backend = ldapsam:ldap://ldapmaster1.biochem.mpg.de:389/ |
Sorry I can't be any more help, I don't use LDAP as yet  |
|
| Back to top |
|
|
|
Networking & Security
