[Samba] ADS authentication issues.
Jeff Honey
jhoney at psmanagement.net
Fri Oct 6 03:05:10 GMT 2006
<snip>log.winbindd
[2006/10/05 17:14:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
Username MYDOMAIN\MYCOMPUTER$ is invalid on this system
</snip>
I get the above-listed entry in my winbindd log and my smbd log when attempting to access a simple network share I've created.
<snip>
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.NET
security = ADS
auth methods = guest, sam, winbind
password server = kds.mydomain.net
wins server = 1.2.3.4
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
guest ok = Yes
[me]
path = /home/me
valid users = me
admin users = me, root
read list = @users
read only = No
guest ok = No
</snip>
This is my, seemingly simple, smb.conf setup. I've done all of the other requisite setup with Kerberos and have joined successfully to the domain as a member. I can also perform all of the tests (wbinfo, getent, etc.) successfully against the local machine and against the domain. I can browse to the share but I get a logon box when I attempt to access its contents, which won't go away. Oh, I've also done net ads groupmap for the local users group to the domain's "Domain Users" group.
My goal is to set up ubiquitous SMB shares for my Windows domain users to a simple domain member server and compartmentalize that access based upon group membership.
I've steeled myself against the inevitable lambasting I'm sure to get for whatever boneheaded mistake I've made, so I'm asking for help from the group on this one. After doing my RTFM research I'm stumped.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤ Jeff Honey, Network Administrator
¤ PS America, Inc.
¤ 4426 N. Orange Blossom Trl
¤ Orlando, FL 32804
¤ 407-521-1011 voice
¤ 407-521-1007 fax
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤