[Samba] Samba and AD integration

Bruno Martins bmartins at galileu.pt
Mon Sep 19 08:16:59 MDT 2011 

Hello everyone.

I am running Samba on a Debian system, and I'm currently getting the following error on the logs:

[2011/09/19 15:06:36.708281,  1] smbd/sesssetup.c:454(reply_spnego_kerberos)
  Username GALILEU-F\bmartins is invalid on this system

Being GALILEU-F my Windows domain and bmartins my username.

However, both 'wbinfo -g' and 'wbinfo -u' are working fine. Also, 'kinit (...)' works.

My smb.conf:
[global]
        workgroup = GALILEU-F
        realm = GALILEU-F.GALILEU.PT
        server string = Samba Server
        security = ADS
        auth methods = winbind
        password server = 192.168.0.2
        username map = /etc/samba/smbusers
        client NTLMv2 auth = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        printcap name = cups
        dns proxy = No
        wins server = 192.168.0.2
        idmap uid = 200000-300000
        idmap gid = 200000-300000
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        cups options = raw

My krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = GALILEU-F.GALILEU.PT
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
GALILEU-F.GALILEU.PT = {
   kdc = jupiter.galileu-f.galileu.pt
   admin_server = jupiter.galileu-f.galileu.pt
   default_domain = galileu-f.galileu.pt
}

[domain_realm]
.jupiter.galileu-f.galileu.pt = GALILEU-F.GALILEU.PT
.galileu-f.galileu.pt = GALILEU-F.GALILEU.PT

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}

And... /etc/nsswitch.conf:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat  winbind
group:          compat  winbind
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Can someone please give me a light on this?

Best regards,

Bruno Martins

More information about the samba mailing list