[Samba] Failed to find authenticated user via getpwnam(), denying access
Krutskikh Ivan
stein.hak at gmail.com
Wed May 20 13:18:33 MDT 2015
The problem was due to winbind missing symlinks in openSUSE 13.1/13.2.
It's fixed with:
ln -s /usr/lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
2015-05-20 20:50 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>:
> Hi,
>
>
> I'm trying a basic setup: samba 4.2 on a vm as ad dc, linux server as a dc
> member with samba shares and win 7 as an ad member and samba client.
>
> Unix attrs are assigned, windows auth and linux kinit work ok. But when I
> try to access a samba share from windows I get the error above in my log.smb:
>
> check_ntlm_password: Checking password for unmapped user
> [KURSK]\[video]@[EVENT] with the new password interface
> [2015/05/20 19:52:36.319290, 3]
> ../source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [KURSK]\[video]@[EVENT]
> [2015/05/20 19:52:36.319324, 4]
> ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
> push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2015/05/20 19:52:36.319351, 4] ../source3/smbd/uid.c:485(push_conn_ctx)
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2015/05/20 19:52:36.319376, 4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2015/05/20 19:52:36.326815, 4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
> pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2015/05/20 19:52:36.327565, 3]
> ../source3/auth/auth_util.c:1247(check_account)
> Failed to find authenticated user KURSK\video via getpwnam(), denying
> access.
> [2015/05/20 19:52:36.327620, 2]
> ../source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [video] -> [video] FAILED
> with error NT_STATUS_NO_SUCH_USER
>
>
> What am I missing here?
>
> Linux ad member smb.conf:
>
> [global]
>
> workgroup = KURSK
> security = ADS
> realm = KURSK.MTT
> server role = member server
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> log level = 4
>
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config KURSK:backend = ad
> idmap config KURSK:schema_mode = rfc2307
> idmap config KURSK:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
> winbind expand groups = 4
> winbind normalize names = Yes
> domain master = no
> local master = no
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> [demoshare]
> path = /archive/video
> read only = no
>
>
> krb5.conf :
>
> [libdefaults]
> default_realm = KURSK.MTT
> dns_lookup_realm = false
> dns_lookup_kdc = true
> clockskew = 300
> [domain_realm]
> .kursk.mtt = KURSK.MTT
> [realms]
> KURSK.MTT = {
> kdc = debian-dc.kursk.mtt
> default_domain = kursk.mtt
> admin_server = debian-dc.kursk.mtt
> }
> [appdefaults]
> pam = {
> ticket_lifetime = 1d
> renew_lifetime = 1d
> forwardable = true
> proxiable = false
> minimum_uid = 1
> clockskew = 300
> external = sshd
> use_shmem = sshd
> }
> [logging]
> kdc = FILE:/var/log/krb5.log
> kdc = SYSLOG:INFO
> default = SYSLOG:UNFO:USER
>
>
> /etc/nsswitch.conf :
>
>
> #passwd: compat
> #group: compat
>
> passwd: compat winbind
> group: compat winbind
> shadow: files winbind
>
>
>
> hosts: files mdns_minimal [NOTFOUND=return] dns
> networks: files dns
>
> services: files
> protocols: files
> rpc: files
> ethers: files
> netmasks: files
> netgroup: files nis
> publickey: files
>
> bootparams: files
> automount: files nis
> aliases: files
>
>
>
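The reply above traces the getpwnam() failure to a missing libnss_winbind library link. As an added example (not part of the original thread and not Samba's own tooling), this shell function lists the services on the `passwd:` line of an nsswitch.conf for which no `libnss_<service>.so.2` (the file name glibc loads for an NSS service) exists in the directories passed to it. The function name, the demo paths and the choice of directories to check are assumptions.

```shell
#!/bin/sh
# Usage: missing_nss_modules <nsswitch.conf> <libdir> [<libdir>...]
# Prints the passwd services that have no libnss_<service>.so.2 in any libdir.
missing_nss_modules() {
    conf=$1; shift
    # Active passwd line only ("#passwd:" is skipped); drop [STATUS=action]
    # items and trailing comments so only service names remain.
    mods=$(sed -n 's/^[[:space:]]*passwd:[[:space:]]*//p' "$conf" |
           head -n 1 | sed 's/\[[^]]*\]//g; s/#.*//')
    missing=""
    for m in $mods; do
        found=no
        for d in "$@"; do
            # -e follows symlinks, so a dangling link counts as missing
            if [ -e "$d/libnss_$m.so.2" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || missing="$missing $m"
    done
    echo $missing
}

# Constructed demo in a temporary directory: the passwd line from the thread,
# with the winbind module present under usr/lib64 but not linked into lib64.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/lib64" "$root/usr/lib64"
    printf '#passwd: compat\npasswd: compat winbind\n' > "$root/nsswitch.conf"
    : > "$root/lib64/libnss_compat.so.2"
    : > "$root/usr/lib64/libnss_winbind.so.2"
    before=$(missing_nss_modules "$root/nsswitch.conf" "$root/lib64")
    # Same kind of link as in the reply, created inside the temporary root
    ln -s "$root/usr/lib64/libnss_winbind.so.2" "$root/lib64/libnss_winbind.so.2"
    after=$(missing_nss_modules "$root/nsswitch.conf" "$root/lib64")
    rm -rf "$root"
    echo "before=[$before] after=[$after]"
}
demo
```

On a real member server, `getent passwd <user>` exercises the same lookup path that smbd's getpwnam() call uses, so it is a quick confirmation once the module resolves.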