R: [Samba] security = ads --> invalide user

Gianluca Culot gianlucaculot at dmsware.com
Thu May 10 07:53:32 GMT 2007 

> -----Messaggio originale-----
> Da: samba-bounces+gianlucaculot=dmsware.com at lists.samba.org
> [mailto:samba-bounces+gianlucaculot=dmsware.com at lists.samba.org]Per
> conto di Urs Golla
> Inviato: giovedì 10 maggio 2007 9.44
> A: samba at lists.samba.org
> Oggetto: [Samba] security = ads --> invalide user
>
>
> Hello
>
> I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d.
> "net ads join" was successful and the machine is now visible in the Domain
> with the netbios name.
>
> When I try to access the shares on the machine the log.smbd files says:
>
> (...)
> [2007/05/10 08:58:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
>   Username MYDOMAIN/MYUSERNAME is invalid on this system
> [2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> (...)
>
>
> ******************************************************
> smb.conf:
>
> [global]
> winbind separator = /
> netbios name = MYNETBIOSNAME
> winbind enum users = yes
> workgroup = MYDOMAIN
> winbind enum groups = yes
> #password server = *
> password server = MYPASSWORDSERVER
> encrypt passwords = yes
> dns proxy = no
> realm = MYREALM
> security = ADS
> wins proxy = no
> winbind use default domain = Yes
> client use spnego = yes
> #idmap uid = 10000-20000
> #winbind gid = 10000-20000
> preferred master = no
> log level = 3
> wins server = x.x.x.x
> #auth methods = guest sam winbind
> #idmap uid = 10000-20000
> idmap gid = 10000-20000
>
>
> [testsamba]
>      comment = Samba testfolder
>      path = /testsamba
>      read only = no
>      valid users = MYDOMAIN/USERNAME
>
> ******************************************************
>
> I also maped the domain groups with "net groupmap"
>
> # ./net groupmap list
> Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) ->
> domainusers
> Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997) -> nobody
> Administrators (S-1-5-32-544) -> 5000
> mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> mygroup
> Users (S-1-5-32-545) -> 5001
>
> --> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup
> ****************************************************************
>
> Why does it say "invalide user"? I think I should also be able to
> browse the
> shares without a valid user...
>
> any help is much appreciated!!!
>
> Regards
> Urs
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

I would check
winbind separator = /

to my knowlegde it should be
winbind separator = \

or could be commented as its default is  \

I've setup a samba 3.0.24,1 on freebsd with ads against a Windows2003 Server
and I did not specified Winbind Separator

More information about the samba mailing list