[Samba] wbinfo works, getent and check via smbclient not
Karsten Römke
k.roemke at gmx.de
Wed Mar 3 07:20:23 MST 2010
Hello,
I have a problem with authentication vs ADS.
History:
- Samba works as stand-alone server (non productive)
- some experiments with connecting to an LDAP server running on another
machine.
- Trying to join Active Directory; since I had no success, I uninstalled
Samba completely and reinstalled it.
Versions:
openSUSE 11.1 (up to date apart from the kernel)
Samba samba-3.2.7-11.4.1
winbind: samba-winbind-3.2.7-11.4.1
Windows 2003 Server with ADS
I followed the article at
http://www.pro-linux.de/NB3/artikel/2/1110/3,next.html
(sorry, it's German) and looked at the official Samba HOWTO.
I have done the following tests:
not sure: kinit, I set up /etc/krb5.conf
(roemke is a local user and a user of ADS with
admin rights)
net ads join -S hhbnt12.hhb.bonn.de -Uroemke%xyz
seems to work, Server says that I have joined the
Domain but DNS update failed.
test:
www:/etc/samba # net ads testjoin
Join is OK
test:
wbinfo -u
-> shows all usernames on active directory but no machines
as mentioned in the samba wiki
www:/etc/samba # wbinfo -a roemkea%xyz
plaintext password authentication succeeded
challenge/response password authentication succeeded
roemkea is a non-local user, only available in the ADS
getent passwd
shows only local users :-(
I checked nsswitch.conf and created symbolic links
/lib/libnss_winbind ...
I think at that point I could stop, but I tested via smbclient:
(roemkea is ADS User)
smbclient //www/documentsWrite -Uroemkea
-> NT_STATUS_ACCESS_DENIED
Log-File:
[2010/03/03 14:34:25, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[NT_TECHNOLOGIE]\[roemkea]@[WWW] with the new password interface
[2010/03/03 14:34:25, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [NT_TECHNOLOGIE]\[roemkea]@[WWW]
[2010/03/03 14:34:25, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [roemkea] -> [roemkea]
FAILED with error NT_STATUS_NO_SUCH_USER
with local user roemke:
NT_STATUS_ACCESS_DENIED
but in the Log-File
[2010/03/03 14:35:33, 3] auth/auth.c:check_ntlm_password(220)
check_ntlm_password: Checking password for unmapped user
[NT_TECHNOLOGIE]\[roemke]@[WWW] with the new password interface
[2010/03/03 14:35:33, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [NT_TECHNOLOGIE]\[roemke]@[WWW]
[2010/03/03 14:35:33, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: winbind authentication for user [roemke] succeeded
[2010/03/03 14:35:33, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [roemke] -> [roemke] ->
[roemke] succeeded
I found no hint.
It seems that for a local user winbind asks the ADS and gets back that
the authentication is OK, but I don't get access.
For a non-local user I get the information that there is no such user.
I don't understand what happens.
Any help would be nice
Karsten
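
The check_ntlm_password log entries quoted in the message above can be reduced to one outcome per user and stage. The following Python code is an added example, not part of the original post or of Samba; the function names are hypothetical and the sample input is the log text from the post, wrapped as in the e-mail.

```python
import re

# Sample input: smbd log lines quoted in the post, wrapped as in the e-mail.
SAMPLE_LOG = r"""
[2010/03/03 14:34:25, 2] auth/auth.c:check_ntlm_password(318)
check_ntlm_password: Authentication for user [roemkea] -> [roemkea]
FAILED with error NT_STATUS_NO_SUCH_USER
[2010/03/03 14:35:33, 3] auth/auth.c:check_ntlm_password(223)
check_ntlm_password: mapped user is: [NT_TECHNOLOGIE]\[roemke]@[WWW]
[2010/03/03 14:35:33, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: winbind authentication for user [roemke] succeeded
[2010/03/03 14:35:33, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [roemke] -> [roemke] ->
[roemke] succeeded
"""

# Entry header: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] \S+:(\w+)\(\d+\)$")
# Result message, with any number of "-> [name]" mapping steps before the verdict
RESULT = re.compile(r"authentication for user \[([^\]]+)\](?: -> \[[^\]]+\])*"
                    r" (succeeded|FAILED with error (\w+))", re.IGNORECASE)

def parse_entries(text):
    """Return [timestamp, level, function, message], re-joining wrapped message lines."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3), ""])
        elif entries and line:
            entries[-1][3] = (entries[-1][3] + " " + line).strip()
    return entries

def auth_outcomes(text):
    """Return (timestamp, user, stage, status) for each check_ntlm_password result."""
    out = []
    for ts, _level, func, msg in parse_entries(text):
        m = RESULT.search(msg)
        if func != "check_ntlm_password" or not m:
            continue
        stage = "winbind" if "winbind authentication" in msg else "final"
        out.append((ts, m.group(1), stage, m.group(3) or "OK"))
    return out

def final_status(text):
    """Map each user to the last final-stage status smbd logged for them."""
    return {u: s for _ts, u, stage, s in auth_outcomes(text) if stage == "final"}

if __name__ == "__main__":
    for row in auth_outcomes(SAMPLE_LOG):
        print(*row)
```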