Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Need Howto for SMB Authentication

  1. #1
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Need Howto for SMB Authentication

    Trying to authenticate against a Samba PDC. Recieve Access Denied error message, following a message suggesting looking towards KDM logs.

    Is there any good HowTo's for smb authentication?

    John

  2. #2
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Re: Need Howto for SMB Authentication

    Looking at the following link...
    PDC Authentication HOWTO

    Its a great explanation, but doesnt follow the PAM file format that OpenSuSE uses. The writer based the doc off a RedHat install. I am abit nervous modifying pam files when the document isnt written for OpenSuSE.

    John

  3. #3
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Re: Need Howto for SMB Authentication

    So it appears that I can authenticate against a Windows AD without issue. But authenticating against Samba PDC, there is nearly no good documentation geared towards OpenSuSE users.

    Unless nothing else comes up, I guess I will try this again in the next version of SLES and OpenSuSE.

    At this point, does any one have any good commands on the client that they run to trouble shoot weather the client is connecting?

    I have tried wbinfo -u, and get no responce.

    John

  4. #4
    PV NNTP User

    Default Re: Need Howto for SMB Authentication

    On Thu October 29 2009 04:16 pm, Johnfm3 wrote:

    >
    > So it appears that I can authenticate against a Windows AD without
    > issue. But authenticating against Samba PDC, there is nearly no good
    > documentation geared towards OpenSuSE users.
    >
    > Unless nothing else comes up, I guess I will try this again in the next
    > version of SLES and OpenSuSE.
    >
    > At this point, does any one have any good commands on the client that
    > they run to trouble shoot weather the client is connecting?
    >
    > I have tried wbinfo -u, and get no responce.
    >
    > John
    >
    >

    John;

    Samba uses ntlm passwords. The password data base is provided through the
    PDC. Thus PAM does not really come in here.

    1. First make sure the Samba ports are open on your machine. Samba needs the
    following ports:
    TCP: 135,139 and 445
    UDP: 137,138
    You must also allow Broadcasts through the firewall.
    While testing, try just turning off the firewall. Once you have Samba working
    without the firewall open the above ports and turn the firewall back on.

    2. To fully use domain resources you need to add your machine to the domain
    with the net rpc command.
    Code:
    net rpc join member -U<administrator>%<admpasswd>
    <administrator> is the name of the domain administrator and <admpasswd> is
    his/her password.
    See: man net

    3. Make sure that the workgroup set in /etc/samba/smb.conf is the name of
    your domain and that both nmbd and smbd are running.

    4. Although it does not directly apply to your issue of joining a Samba
    Domain, I think you will find the following Howto on Samba useful to you.
    http://opensuse.swerdna.org/suselanprimer.html

    5. You need to have a user who is authorized to use domain resources. i.e.
    You need a domain account.

    Best of luck. OpenSuse is fully able to participate or control a Samba
    Domain.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  5. #5
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Re: Need Howto for SMB Authentication

    Good points that I didnt speak of. I have dissabled all firewalls for the testing of this setup.

    I also didnt state, but I have joined the OpenSuSE 11.1 box to the SLES 11 PDC Domain (smb.local).

    I did have the workgroup setting correct. It was done in yast samba-server.
    smb.conf
    workgroup = SMB.LOCAL

    The strange thing is, the server can do a net lookup <username> and find the info pertaining to the needed user. But I cant pull any info using wbinfo -u -g, and the client has no luck at all.

    John

  6. #6
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Re: Need Howto for SMB Authentication

    Users are being stored in LDAP. Is there a good way to pull user info that SMB see's from the LDAP? I would have thought that wbinfo -u -g would have pulled all users and groups.

    John

  7. #7
    PV NNTP User

    Default Re: Need Howto for SMB Authentication

    On Thu October 29 2009 05:56 pm, Johnfm3 wrote:

    >
    > Users are being stored in LDAP. Is there a good way to pull user info
    > that SMB see's from the LDAP? I would have thought that wbinfo -u -g
    > would have pulled all users and groups.
    >
    > John
    >
    >

    John;
    Is winbindd running?
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

  8. #8
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Re: Need Howto for SMB Authentication

    Server doesnt have winbind installed.
    Client winbind installed and running.

    John

  9. #9
    Join Date
    Jul 2008
    Location
    Some place in Washington
    Posts
    258

    Default Re: Need Howto for SMB Authentication

    But the server is working when logging in on a Windows Machine.
    Does that make sense?

    John

  10. #10
    PV NNTP User

    Default Re: Need Howto for SMB Authentication

    On Thu October 29 2009 06:16 pm, Johnfm3 wrote:

    >
    > But the server

    Which machine does the word "server" refer? The PDC?
    > is working when logging in on a Windows Machine.
    > Does that make sense?
    >
    > John
    >
    >

    John;
    If your domain is really a ".local" domain, make sure /etc/host.conf contains
    the parameter:
    Code:
    mdns off
    (see: man host.conf)
    This may alone solve your problem.

    If the above does not help:
    Can you explain just a bit just exactly what you are trying to do? Are you
    trying to set up a member server or just access a Samba Domain as a client?
    What version of OpenSuse are you trying to configure (11.1)? Can you post
    the contents of /etc/samba/smb.conf? Conceal any sensitive information
    (Public IP/Domain name etc) with substitute values.

    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •