[Samba] AD integration - Administrator can log in but no one else can
yan at seiner.com
yan at seiner.com
Thu Feb 6 14:43:23 MST 2014
I have an Ubuntu 12.04 LTS server that I am trying to get integrated into
the company AD.
The global AD administrator with the username Administrator can log in and
access the shares on the samba box.
No other user, even users with Administrator privileges, can.
check_ntlm_password: authentication for user [Administrator] ->
[Administrator] -> [WIKI\Administrator] succeeded
check_ntlm_password: Authentication for user [yans] -> [yans] FAILED
with error NT_STATUS_NO_SUCH_USER
The yans user (me) can log into any computer except the samba box. Even
if I granted Admin privileges I am still refused.
Eventually I need to integrate this into our existing network but for now
I need to get user logins working.
The users do not have unix accounts on the samba box. They do not need
any accounts unless required to by samba.
I can't figure out what I am doing wrong. I have tried many things;
here's my current smb.conf:
[global]
workgroup = hpm
server string = %h server (Samba/Ubuntu)
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
realm = hpm.net
idmap backend = lwopen
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[mediawiki]
comment = Manuals Wiki Folders
read only = yes
path = /srv/mediawiki
read list = @wikiread
guest ok = no
[manuals]
comment = Manuals for download
path = /srv/mediawiki/downloads
browsable = yes
writeable = yes
read list = @wikiread
write list = @wikiwrite
create mask = 0775
guest ok = no
[covers]
comment = cover images for manuals
path = /srv/mediawiki/local/covers
browsable = yes
writeable = yes
read list = @wikiread
write list = @wikiwrite
guest ok = no
create mask = 0775
/etc/nsswitch.conf:
passwd: compat lsass winbind
group: compat lsass winbind
shadow: compat
hosts: files dns winbind wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
More information about the samba
mailing list