[Samba] Samba authentication fails unless unix account exists
John Kakritz
john.kakritz at gcmail.maricopa.edu
Fri Mar 11 22:26:11 GMT 2005
I've set up Samba 3.0.9 with ADS support and OpenLDAP 2.2.23 on FreeBSD
5.3. I've got all the essential services working as far as I can tell.
Nmbd, smbd, and winbindd are running. I've created a machine account in
the domain with the net ads join command. Wbinfo -u returns a list of
my AD domain users in the DOMAIN\username format. Wbinfo -g returns my
groups in the same format. Changes to users and groups in AD all seem
to propagate almost immediately. My shares can be accessed with the
appropriate permissions using my account.
My problem is that users cannot authenticate to Samba unless an account
with the same name (but not necessarily the same password) exists in the
unix passwd file. If I make an account that matches the AD domain
account on the BSD box (even if it has a different password) then that
user can authenticate via Samba, but if no unix account exists the user
cannot authenticate.
For example, a
/wbinfo -a FULLY.QUALIFIED.DOMAIN//username%password/
returns
/
plaintext password authentication succeeded
challenge/response password authentication succeeded/
but a
/smbclient -L localhost -Uusername/
returns
/read_socket_with_timeout: timeout read. read error = Connection reset
by peer.
session setup failed: Read error: Connection reset by peer/
Any suggestions?