[Samba] Make Samba4 ignore domain prefix on share logon

Jakub Veselý happy at gjh.sk
Sun Aug 16 18:56:03 UTC 2015 

Never mind I am an idiot. I have been experimenting with passwords and was
writing the wrong one after edit. It DOES work from smb client.

S pozdravom,

Jakub Veselý
Správca siete GJH
Novohradská 3, 82109 Bratislava
02/210 28 328

2015-08-16 20:51 GMT+02:00 Jakub Veselý <happy at gjh.sk>:

> Edited smb.conf to match yours and restarted both smbd and winbind. Did
> not work. Tried to smbclient from another server: session setup failed:
> NT_STATUS_LOGON_FAILURE. Our member server is also running Ubuntu 14.04 and
> Samba-4.1.6 (I might have mistakenly wirtten it was 4.1.7 in original
> email, dont remember now). Domain Users do have gid and users have uids.
>
>
> S pozdravom,
>
> Jakub Veselý
> Správca siete GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 20:35 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
>> On 16/08/15 16:55, Jakub Veselý wrote:
>>
>>> I am trying to log in with my domain credentials, that are valid,
>>> because when I prefix the login it succeeds.
>>>
>>> S pozdravom,
>>>
>>> Jakub Veselý
>>> Správca siete GJH
>>> Novohradská 3, 82109 Bratislava
>>> 02/210 28 328
>>>
>>> 2015-08-16 17:46 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com
>>> <mailto:rowlandpenny241155 at gmail.com>>:
>>>
>>>     On 16/08/15 16:38, Jakub Veselý wrote:
>>>
>>>         Unfortunately 'map untrusted to domain = yes' did not help, I
>>>         still keep
>>>         getting wrong username or password error while accessing the
>>>         share. I do
>>>         have 'winbind use default domain = yes' in the configuration,
>>>         but seem to
>>>         have no effect on windows either. I am trying it from windows
>>>         10 PC that is
>>>         not joined to domain, could the os be an issue?
>>>
>>>         Jakub Vesely
>>>
>>>
>>>     possibly, but you are trying to connect as a user that just
>>>     doesn't exist (i.e. a user from outside the domain), you may need
>>>     to use 'map to Bad User', but as I said, post your smb.conf
>>>
>>>
>>>     Rowland
>>>
>>>
>>>     --     To unsubscribe from this list go to the following URL and
>>> read the
>>>     instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
>> OK, I tried to login from a VM that isn't connected to my domain with a
>> domain user to a share on a member server and it works, the share is owned
>> by root:Domain Users with 0775 permissions
>>
>> My smb.conf is very similar to yours with the addition of these lines:
>>
>>         dedicated keytab file = /etc/krb5.keytab
>>         kerberos method = secrets and keytab
>>         winbind expand groups = 4
>>         winbind refresh tickets = Yes
>>         winbind normalize names = Yes
>>
>> I do not have these lines:
>>
>>   winbind trusted domains only = no
>>   map untrusted to domain = yes
>>
>> The share stanza is just this:
>>
>> [testshare]
>>         path = /home/share
>>         read only = no
>>
>> The command I used on the VM is this:
>>
>> smbclient \\\\computer.example.com\\testshare -U rowland%password
>>
>> The member server is running Linux Mint 17 (aka Ubuntu 14.04) with samba
>> 4.1.6
>>
>> My users have a uidNumber and Domain Users has a gidNumber.
>>
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

More information about the samba mailing list