[Samba] Failed to find authenticated user via getpwnam(), denying access
Krutskikh Ivan
stein.hak at gmail.com
Wed May 20 11:50:38 MDT 2015
Hi,
I'm trying a basic setup: samba 4.2 on a vm as ad dc, a linux server as a dc
member with samba shares, and win 7 as an ad member and samba client.
Unix attrs are assigned, windows auth and linux kinit work ok. But when I
try to access a samba share from windows I get the error above in my log.smb:
  check_ntlm_password: Checking password for unmapped user [KURSK]\[video]@[EVENT] with the new password interface
[2015/05/20 19:52:36.319290, 3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password: mapped user is: [KURSK]\[video]@[EVENT]
[2015/05/20 19:52:36.319324, 4] ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2015/05/20 19:52:36.319351, 4] ../source3/smbd/uid.c:485(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2015/05/20 19:52:36.319376, 4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2015/05/20 19:52:36.326815, 4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2015/05/20 19:52:36.327565, 3] ../source3/auth/auth_util.c:1247(check_account)
  Failed to find authenticated user KURSK\video via getpwnam(), denying access.
[2015/05/20 19:52:36.327620, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password: Authentication for user [video] -> [video] FAILED with error NT_STATUS_NO_SUCH_USER
What am I missing here?
Linux ad member smb.conf:
[global]
workgroup = KURSK
security = ADS
realm = KURSK.MTT
server role = member server
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
log level = 4
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config KURSK:backend = ad
idmap config KURSK:schema_mode = rfc2307
idmap config KURSK:range = 10000-99999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind expand groups = 4
winbind normalize names = Yes
domain master = no
local master = no
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
[demoshare]
path = /archive/video
read only = no
krb5.conf :
[libdefaults]
default_realm = KURSK.MTT
dns_lookup_realm = false
dns_lookup_kdc = true
clockskew = 300
[domain_realm]
.kursk.mtt = KURSK.MTT
[realms]
KURSK.MTT = {
kdc = debian-dc.kursk.mtt
default_domain = kursk.mtt
admin_server = debian-dc.kursk.mtt
}
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
minimum_uid = 1
clockskew = 300
external = sshd
use_shmem = sshd
}
[logging]
kdc = FILE:/var/log/krb5.log
kdc = SYSLOG:INFO
default = SYSLOG:UNFO:USER
/etc/nsswitch.conf :
#passwd: compat
#group: compat
passwd: compat winbind
group: compat winbind
shadow: files winbind
hosts: files mdns_minimal [NOTFOUND=return] dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
automount: files nis
aliases: files
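
An added diagnostic sketch, not part of the original post and not Samba code: the idmap_ad `range` acts as a filter, so a uidNumber stored in AD outside that range is ignored by winbind and getpwnam() returns nothing for the user. The script parses the `idmap config` lines quoted above, checks IDs against the KURSK range, and repeats the NSS lookup named in the log; the function names and the sample uidNumber values are assumptions made for illustration.

```python
import pwd
import re

# idmap lines copied from the smb.conf quoted in the post
SMB_CONF = """\
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config KURSK:backend = ad
idmap config KURSK:schema_mode = rfc2307
idmap config KURSK:range = 10000-99999
"""

_IDMAP = re.compile(r"^\s*idmap config\s+([^:\s]+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def idmap_config(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    conf = {}
    for line in text.splitlines():
        m = _IDMAP.match(line)
        if m:
            domain, option, value = m.groups()
            conf.setdefault(domain.upper(), {})[option.lower()] = value
    return conf

def in_range(conf, domain, unix_id):
    """True if unix_id lies inside the range configured for the domain."""
    value = conf.get(domain.upper(), {}).get("range")
    if value is None:
        return False  # no range configured for this domain
    low, high = (int(part) for part in value.split("-"))
    return low <= unix_id <= high

def nss_uid(name):
    """NSS lookup through libc getpwnam(); None when no entry is found."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

if __name__ == "__main__":
    conf = idmap_config(SMB_CONF)
    # Constructed uidNumber values: one inside the KURSK range, one outside
    for uid_number in (10500, 1001):
        print(uid_number, "accepted by idmap_ad:", in_range(conf, "KURSK", uid_number))
    for name in ("video", "KURSK\\video"):  # both spellings appear in the log
        uid = nss_uid(name)
        print(repr(name), "uid:", uid, "in range:", uid is not None and in_range(conf, "KURSK", uid))
```

Run on the domain member itself, a `None` for both spellings means NSS returns no entry for the user, which matches the check_account failure in the log.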