samba problem; member server can't authenticate

Atom Powers atom.powers at gmail.com
Sun Sep 3 11:59:08 PDT 2006 

On 9/3/06, Henrik Hudson <rhavenn at rhavenn.net> wrote:
>
> I have a Samba PDC and a Samba Member Server.
>
> The Samba PDC works fine, but the problem is that the Member Server can't
> authenticate users and let me browse file shares and i always get the error:
> NT_STATUS_NO_LOGON_SERVERS

Sounds like your member server can't contact the pdc's logon service.

> the wierd thing is that sometimes:  SMBCLIENT -L ECWTEST
> will work and list my shares. However, the first time I actually try to
> authenticate a user to browse a share the whole shebang stops and I get the
> above error. I'm using Konqueror and smb://ecwtest/sharename to connect.

Try to always use FQDN (ecwtest.domain.blah); or be very careful and
complete in the way you set up your name resolution (WINS, DNS).
Especially if you have hosts on different subnets.

> I don't need to make any PAM changes to allow just file / share authentication
> do I?

No. Samba doesn't use PAM.

> One thing, the member server is a new rebuild of a machine with the same name
> and the PDC is a upgrade using the TDBs, etc.. from backup. I did remove the
> machine account from the PDC and then re-added it using net join and that
> worked fine.
>
> I ran through the test at the back of the "offical book" and all of them work
> except the  actual sharing and the nmblookup -d 2 '*' on the member server
> and of course the smbclient specific ones.

nmblookup is a WINS resolution tool. If your WINS server is not
configured and functioning and your computers are on different subnets
(or have blocking firewalls) you will have problems. If you don't use
FQDN samba will, probably, be using WINS to resolve your host names.

>
> the member server smb.conf:
>
> # Global parameters
> [global]
> workgroup = ECW
> netbios name = ECWTEST
> #server string = Samba %v on %L
> server string =
> security = domain
> password server = ECWSERVER

Make that an FQDN hostname or ip address.

> wins server = 10.0.0.6
> encrypt passwords = yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> winbind use default domain = yes
> guest ok = yes
> follow symlinks = no
> case sensitive = no
> os level = 33
>
> preferred master = no
> domain master = no
>
> #bind interfaces only = yes
> #interfaces = fxp0 lo0
> #hosts deny = ALL
> #hosts allow = 10.0.0.0/24 127.
>
> name resolve order = hosts wins bcast
>

And check your firewall rules.

-- 
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

More information about the freebsd-questions mailing list