[Samba] Samba not accepting AD users
Bruno Martins
bmomartins at gmail.com
Thu Sep 1 11:53:51 MDT 2011
On 09/01/2011 06:32 PM, Dale Schroeder wrote:
> On 09/01/2011 5:27 AM, Bruno Martins wrote:
>> On 09/01/2011 11:11 AM, David Roid wrote:
>>> Check out what does /var/log/samba/log say about logon failure? Also
>>> do you
>>> enable "ntlm auth"?
>>>
>>> -David
>>>
>>> 2011/9/1 Bruno Martins<bmomartins at gmail.com>
>>>
>>>> On 08/31/2011 06:57 PM, Dale Schroeder wrote:
>>>>> Bruno,
>>>>>
>>>>> This is not a valid option:
>>>>>
>>>>> idmap backend = 192.168.0.2
>>>>>
>>>>> The default is tdb, but there is also rid, ad, and ldap.
>>>>>
>>>>> Dale
>>>>>
>>>>>
>>>>> On 08/31/2011 5:57 AM, Bruno Martins wrote:
>>>>>> Hello everyone.
>>>>>>
>>>>>> I am setting up a Debian-based file and print server and I am not
>>>>>> being able
>>>>>> to authenticate with AD credentials. I think the error message is
>>>>>> this
>>>>>> one:
>>>>>> joe at sputnik:~$ tail /var/log/samba/log.__ffff_192.168.0.101
>>>>>> [2011/08/31 11:19:54.415130, 1]
>>>>>> smbd/sesssetup.c:454(reply_spnego_kerberos)
>>>>>> Username GALILEU-F\bmartins is invalid on this system
>>>>>>
>>>>>> More information about the system:
>>>>>> joe at sputnik:~$ uname -r
>>>>>> 2.6.32-5-686
>>>>>>
>>>>>> joe at sputnik:~$ wbinfo -g
>>>>>> domain guests
>>>>>> domain users
>>>>>> domain computers
>>>>>> group policy creator owners
>>>>>> cert publishers
>>>>>> domain controllers
>>>>>> exchange domain servers
>>>>>> domain admins
>>>>>> (...)
>>>>>>
>>>>>> joe at sputnik:~$ wbinfo -u
>>>>>> SPUTNIK\nobody
>>>>>> SPUTNIK\root
>>>>>> a230w
>>>>>> sqlexecutivecmdexec
>>>>>> ghelpdesk
>>>>>> pbernardo
>>>>>> (...)
>>>>>>
>>>>>> My smb.conf:
>>>>>> http://pastebin.com/5vMg5X82
>>>>>>
>>>>>> ... and my krb5.conf:
>>>>>> http://pastebin.com/SE9Pmt0Y
>>>>>>
>>>>>> ... also my nsswitch.conf:
>>>>>> http://pastebin.com/psL9SksW
>>>>>>
>>>>>> Can anyone please help me?
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Bruno Martins
>>>> Good morning,
>>>>
>>>> I have changed that parameter to 'idmap backend = tdb' and even 'idmap
>>>> backend = ad' but didn't work.
>>>>
>>>> I keep getting this error:
>>>> root at sputnik:/home/joe# smbclient -L //localhost -U bmartins
>>>> Enter bmartins's password:
>>>> session setup failed: NT_STATUS_LOGON_FAILURE
>>>>
>>>> Also, 'testparm' doesn't show me that line, but that may be normal.
>>>>
>>>> And, by the way, when I do a 'getent passwd', the output just show me
>>>> local users, not domain ones.
>>>>
>>>> Best regards,
>>>>
>>>> Bruno Martins
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>> Hello David,
>>
>> Thanks for your help.
>>
>> Let me show you the output of some commands that may ask your second
>> question:
>> http://pastebin.com/Rj3Shbeu
>>
>> Regarding to logs, I have noticed a strange thing:
>> http://pastebin.com/yMaQek0h
>>
>> Is this a normal behaviour?
> Apparently so because I have seen those messages on working winbind
> systems.
>
> Compare your setup to the following to see if you might have missed
> anything.
>
> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081/Join-Samba-3-to-Your--Active-Directory-Domain.htm
>
>
> http://www.enterprisenetworkingplanet.com/netsysm/article.php/3502441/Join-Linux-to-Active-Directory-With-Winbind.htm
>
>
> Dale
>>
>> Best regards,
>>
>> Bruno Martins
>> .
>>
Hello,
I can't believe the problem is related to the fact that I didn't have
add my KDC to /etc/hosts. :-)
It's done now! I'll continue the setup.
Thanks a lot, Dale, and everyone.
Best regards,
More information about the samba
mailing list