[Samba] wbinfo -u / getent passwd not working
L.P.H. van Belle
belle at bazuin.nl
Fri Jul 10 10:39:57 UTC 2020
https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html#libdefaults
Kerberos ticket_lifetime it default 1 day.
What does the auth.log show?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> basti via samba
> Verzonden: vrijdag 10 juli 2020 12:29
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] wbinfo -u / getent passwd not working
>
>
>
> On 10.07.20 12:18, L.P.H. van Belle via samba wrote:
> > Just thing i notised.
> >
> >> idmap config * : range = 1000-2000
> > This might give conflicts.
> > Output of `cat /etc/adduser.conf |grep "[G-U]ID" `
> > These ranges should not overlap.
>
> I think that should not be the problem, i have multiple servers, with
> the samba config that works. and only 1 or 2 local users.
>
> >
> > After how may days/hours did it stop working?
>
> I would say 2 days?
>
> I do not understand why wbinfo -g work but wbinfo -u do not.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> basti via samba
> >> Verzonden: vrijdag 10 juli 2020 12:10
> >> Aan: samba at lists.samba.org
> >> Onderwerp: [Samba] wbinfo -u / getent passwd not working
> >>
> >> Hello,
> >> i try to setup a linux laptop for homeoffice with login
> for ad users.
> >> The last few days it work like expected.
> >>
> >> today wbinfo -u return no user, getent passwd <username> also.
> >>
> >> wbinfo -a "SAMDOM\user"
> >> Enter SAMDOM\user's password:
> >> plaintext password authentication succeeded
> >> Enter SAMDOM\user's password:
> >> challenge/response password authentication succeeded
> >>
> >> wbinfo -D SAMDOM also works.
> >>
> >> laptop smb.conf:
> >>
> >> [global]
> >> security = ADS
> >> workgroup = SAMDOM
> >> realm = SAMDOM.EXAMPLE.COM
> >>
> >> log file = /var/log/samba/%m.log
> >> log level = 1
> >>
> >> winbind refresh tickets = Yes
> >> dedicated keytab file = /etc/krb5.keytab
> >> kerberos method = secrets and keytab
> >> winbind use default domain = yes
> >>
> >> load printers = no
> >> printing = bsd
> >> printcap name = /dev/null
> >> disable spoolss = yes
> >>
> >> # Default ID mapping configuration for local
> BUILTIN accounts
> >> # and groups on a domain member. The default (*) domain:
> >> # - must not overlap with any domain ID mapping
> configuration!
> >> # - must use an read-write-enabled back end, such as tdb.
> >> idmap config * : backend = tdb
> >> idmap config * : range = 1000-2000
> >>
> >> # idmap config for the SAMDOM domain
> >> # alf has uid 1006
> >> idmap config SAMDOM:backend = ad
> >> idmap config SAMDOM:schema_mode = rfc2307
> >> idmap config SAMDOM:range = 2001-999999
> >>
> >> template homedir = /home/%U
> >> template shell = /bin/bash
> >>
> >> client use spnego = yes
> >> client ntlmv2 auth = yes
> >> encrypt passwords = yes
> >> restrict anonymous = 2
> >>
> >> # fix dfs error's in log ?
> >> host msdfs = no
> >>
> >> #
> https://wiki.samba.org/index.php/PAM_Offline_Authentication
> >> winbind offline logon = yes
> >> winbind cache time = 15768000
> >>
> >> winbind enum users = yes
> >> winbind enum groups = yes
> >>
> >> cat /etc/krb5.conf
> >> [libdefaults]
> >> default_realm = SAMDOM.EXAMPLE.COM
> >> dns_lookup_realm = false
> >> dns_lookup_kdc = true
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >>
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list