[Samba] problem authenticating users to Active Directory after Ubuntu 12.04 -> 14.04 upgrade
Geoff Rowland
growland at heavyhammer.com
Fri Apr 25 09:27:48 MDT 2014
To be safe, I performed a clean installation of Ubuntu 14.04 to make
sure the upgrade process wasn't breaking things. I am able to join a
domain, however it will always tell me invalid password when trying to
log in with a domain account. I guess that the major change was going
from Samba3 to Samba4 with these versions. I don't see anything crazy
in the samba logs. Am I missing something? here are the steps I followed:
apt-get install krb5-config krb5-user winbind samba smbclient
libnss-winbind libpam-winbind
config files:
smb.conf (had a more complex one but using this simple one for testing):
|[global]
workgroup = MYDOMAIN
security = ADS
realm = MYDOMAIN.COM
netbios name = trusty
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:range = 500-40000
winbind nss info = rfc2307
[test]
path = /srv/samba/test
read only = no
|
krb5.conf:
|[libdefaults]
default_realm = MYDOMAIN.COM
ticket_lifetime = 24000
allow_weak_crypto = yes
[realms]
MYDOMAIN.COM = {
kdc = my.domain.com
admin_server = my.domain.com
default_domain = MYDOMAIN.COM
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[login]
krb4_convert = true
krb4_get_tickets = false|
/etc/nsswitch.conf
| passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis|
net ads join -U username
succesfully joins the domain
kinit account at MYDOMAIN.COM
klist confirms ticket created
su domainuser = "user not in passwd"
log out and try to log in with domain user = "invalid password"
log in with local account type
wbinfo -u shows domain users
wbinfo -g shows domain groups
not sure what else to try?
these exact steps work in Ubuntu 12.04
More information about the samba
mailing list