[Samba] Kerberos, Samba, and XP wanting to map local users with authenticated ones
Jeremy Allison
jra at samba.org
Fri May 27 16:28:23 MDT 2011
On Fri, May 27, 2011 at 04:56:25PM -0400, Mauricio Tavares wrote:
> Ok, I understand if I only have kerberos and windows, if I login as a
> kerberos user, I better have a local user mapped to it or I will not
> be able to login. But, now I have samba involved. If I tell it about
> kerberos server,
>
> workgroup = LAZYASS
> realm = MY.REALM
> security = ads
> kerberos method = system keytab
>
> shouldn't it see there is local (to samba's server) user bob,
> principal bob at MY.REALM, and then mount bob's homedir if I try to login
> as bob? Or am I missing an important step? I did join the xp box to
> LAZYASS and can see there the fileserver's home fileshare (the only
> thing I am exporting). But that is as far as I get.
>
> The exact error message I am getting is
>
> "The system cannot log you on due to the following error:
>
> Mapping between account names and security IDs was done."
>
> It almost sounds like it is completely ignoring the samba side of the show.
Do you have winbindd running ? You need this to generate
the local UNIX userid's that Samba will use to represent
Windows users.
More information about the samba
mailing list