[Samba] Make Samba4 ignore domain prefix on share logon

Jakub Veselý happy at gjh.sk
Sun Aug 16 18:51:59 UTC 2015


Edited smb.conf to match yours and restarted both smbd and winbind. Did not
work. Tried to smbclient from another server: session setup failed:
NT_STATUS_LOGON_FAILURE. Our member server is also running Ubuntu 14.04 and
Samba-4.1.6 (I might have mistakenly wirtten it was 4.1.7 in original
email, dont remember now). Domain Users do have gid and users have uids.


S pozdravom,

Jakub Veselý
Správca siete GJH
Novohradská 3, 82109 Bratislava
02/210 28 328

2015-08-16 20:35 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 16/08/15 16:55, Jakub Veselý wrote:
>
>> I am trying to log in with my domain credentials, that are valid, because
>> when I prefix the login it succeeds.
>>
>> S pozdravom,
>>
>> Jakub Veselý
>> Správca siete GJH
>> Novohradská 3, 82109 Bratislava
>> 02/210 28 328
>>
>> 2015-08-16 17:46 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com
>> <mailto:rowlandpenny241155 at gmail.com>>:
>>
>>     On 16/08/15 16:38, Jakub Veselý wrote:
>>
>>         Unfortunately 'map untrusted to domain = yes' did not help, I
>>         still keep
>>         getting wrong username or password error while accessing the
>>         share. I do
>>         have 'winbind use default domain = yes' in the configuration,
>>         but seem to
>>         have no effect on windows either. I am trying it from windows
>>         10 PC that is
>>         not joined to domain, could the os be an issue?
>>
>>         Jakub Vesely
>>
>>
>>     possibly, but you are trying to connect as a user that just
>>     doesn't exist (i.e. a user from outside the domain), you may need
>>     to use 'map to Bad User', but as I said, post your smb.conf
>>
>>
>>     Rowland
>>
>>
>>     --     To unsubscribe from this list go to the following URL and read
>> the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> OK, I tried to login from a VM that isn't connected to my domain with a
> domain user to a share on a member server and it works, the share is owned
> by root:Domain Users with 0775 permissions
>
> My smb.conf is very similar to yours with the addition of these lines:
>
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         winbind expand groups = 4
>         winbind refresh tickets = Yes
>         winbind normalize names = Yes
>
> I do not have these lines:
>
>   winbind trusted domains only = no
>   map untrusted to domain = yes
>
> The share stanza is just this:
>
> [testshare]
>         path = /home/share
>         read only = no
>
> The command I used on the VM is this:
>
> smbclient \\\\computer.example.com\\testshare -U rowland%password
>
> The member server is running Linux Mint 17 (aka Ubuntu 14.04) with samba
> 4.1.6
>
> My users have a uidNumber and Domain Users has a gidNumber.
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list