[Samba] security = ads --> invalide user
Urs Golla
urs.golla at gmail.com
Thu May 10 07:43:54 GMT 2007
Hello
I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d.
"net ads join" was successful and the machine is now visible in the Domain
with the netbios name.
When I try to access the shares on the machine the log.smbd files says:
(...)
[2007/05/10 08:58:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
Username MYDOMAIN/MYUSERNAME is invalid on this system
[2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
(...)
******************************************************
smb.conf:
[global]
winbind separator = /
netbios name = MYNETBIOSNAME
winbind enum users = yes
workgroup = MYDOMAIN
winbind enum groups = yes
#password server = *
password server = MYPASSWORDSERVER
encrypt passwords = yes
dns proxy = no
realm = MYREALM
security = ADS
wins proxy = no
winbind use default domain = Yes
client use spnego = yes
#idmap uid = 10000-20000
#winbind gid = 10000-20000
preferred master = no
log level = 3
wins server = x.x.x.x
#auth methods = guest sam winbind
#idmap uid = 10000-20000
idmap gid = 10000-20000
[testsamba]
comment = Samba testfolder
path = /testsamba
read only = no
valid users = MYDOMAIN/USERNAME
******************************************************
I also maped the domain groups with "net groupmap"
# ./net groupmap list
Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) -> domainusers
Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997) -> nobody
Administrators (S-1-5-32-544) -> 5000
mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> mygroup
Users (S-1-5-32-545) -> 5001
--> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup
****************************************************************
Why does it say "invalide user"? I think I should also be able to browse the
shares without a valid user...
any help is much appreciated!!!
Regards
Urs
More information about the samba
mailing list