[Samba] ADS Trouble authorizing users.

Jason Gerfen jason.gerfen at scl.utah.edu
Thu Aug 28 13:29:07 GMT 2008


Chris Bolton wrote:
> Hi all,
> 
> I've set up a CentOS machine with samba version 3.0.28-1.el5_2.1 to join a
> Windows 2003 ADS.  Everything seemed to go fine while joining the domain:
> 
> [root at mailserver ~]# net ads join -U administrator
> administrator's password:
> Using short domain name -- MYDOMAIN
> Joined 'MAILSERVER' to realm 'MYDOMAIN.LOCAL'
> 
> The trouble I'm having is authorizing users.
> 
> When connecting to the CentOS machine from a Windows XP machine it pops up
> a username and password dialog.  Entering in my details just pops it up
> again as it would if I'd entered them incorrectly.  Nothing is recorded in
> the logs on the CentOS machine (either in /var/log/messages or
> /var/log/samba/smbd.log) and I am unable to proceed.
> 
> If I try a username in the dialog box that does not exist on the domain I
> get an error in /var/log/messages:
> 
> Aug 28 12:58:06 mailserver smbd[23786]: [2008/08/28 12:58:06, 0]
> auth/auth_domain.c:domain_client_validate(260)
> Aug 28 12:58:06 mailserver smbd[23786]:   domain_client_validate: unable to
> validate password for user dave in domain MYDOMAIN to Domain controller
> MANS01.MYDOMAIN.LOCAL. Error was NT_STATUS_NO_SUCH_USER.

Have you tried looking at the Samba guides?

NT_STATUS_NO_SUCH_USER means just that: Samba cannot find the username 
in Active Directory.

Some tools to help you are 'getent passwd | grep <username>' and 'wbinfo -i 
<username>'.

You can also turn up the logging with the 'log level' directive in the 
smb.conf.

> 
> 
> I'm guessing it's a problem with the way the CentOS machine is passing on the
> logon details but without an error message I'm a bit stuck.  Any help would
> be grateful.
> 
> Cheers.
> 
> Config files below:
> 
> /etc/krb5.conf
> 
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  default_realm = MYDOMAIN.LOCAL
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 24h
>  forwardable = yes
> 
> [realms]
> MYDOMAIN.LOCAL = {
>   kdc = mans01
>   admin_server = mans01
>   default_domain = mydomain.local
>  }
> 
> [domain_realm]
>  .mydomain.local = MYDOMAIN.LOCAL
>  mydomain.local = MYDOMAIN.LOCAL
> 
> [appdefaults]
>  pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }
> 
> /etc/samba/smb.conf
> 
> [global]
> 
> workgroup = MYDOMAIN
> netbios name = mailserver
> server string = Samba Server 3.0
> security = ads
> realm = MYDOMAIN.LOCAL
> password server = mans01
> encrypt passwords = yes
> printcap name = /etc/printcap
> load printers = yes
> printing = cups
> log file = /var/log/samba/%m.log
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = no
> domain master = no
> preferred master = no
> dns proxy = no
> 
> #============================ Share Definitions ==============================
> 
> [public]
>   comment = Share
>   path = /home/public
>   public = yes
>   writable = yes
>   printable = no
	

-- 
Jas
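
Added example (not part of the original thread, and not Samba project code): a small Python parser for the smbd syslog entry quoted above, pulling out the user, domain, domain controller and NT_STATUS code so failed validations can be counted per user. The second log entry and all function names are constructed for illustration.

```python
import re
from collections import Counter

# First entry: the one quoted in the post, with the mail client's line wraps
# undone. Second entry: constructed for this example.
SAMPLE_LOG = """\
Aug 28 12:58:06 mailserver smbd[23786]: [2008/08/28 12:58:06, 0] auth/auth_domain.c:domain_client_validate(260)
Aug 28 12:58:06 mailserver smbd[23786]:   domain_client_validate: unable to validate password for user dave in domain MYDOMAIN to Domain controller MANS01.MYDOMAIN.LOCAL. Error was NT_STATUS_NO_SUCH_USER.
Aug 28 13:02:41 mailserver smbd[23801]: [2008/08/28 13:02:41, 0] auth/auth_domain.c:domain_client_validate(260)
Aug 28 13:02:41 mailserver smbd[23801]:   domain_client_validate: unable to validate password for user alice in domain MYDOMAIN to Domain controller MANS01.MYDOMAIN.LOCAL. Error was NT_STATUS_WRONG_PASSWORD.
"""

SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ smbd\[(?P<pid>\d+)\]: (?P<body>.*)$")
# Samba debug header: [timestamp, debug level] source_file:function(line)
HEADER = re.compile(r"\[(?P<time>[\d/]+ [\d:]+), +(?P<level>\d+)\] "
                    r"(?P<source>\S+?):(?P<func>\w+)\((?P<line>\d+)\)")
FAILURE = re.compile(r"unable to validate password for user (?P<user>\S+) "
                     r"in domain (?P<domain>\S+) to Domain controller "
                     r"(?P<dc>\S+)\. Error was (?P<status>NT_STATUS_\w+)")


def parse_failures(log_text):
    """Return one dict per failed domain_client_validate entry."""
    pending = {}  # smbd pid -> debug header waiting for its message line
    failures = []
    for line in log_text.splitlines():
        entry = SYSLOG.match(line)
        if not entry:
            continue  # not an smbd syslog line
        pid, body = entry["pid"], entry["body"]
        header = HEADER.match(body)
        if header:
            pending[pid] = header.groupdict()
            continue
        failure = FAILURE.search(body)
        if failure:
            # Merge the message fields with the header logged just before it.
            failures.append({"pid": pid, **pending.pop(pid, {}), **failure.groupdict()})
    return failures


def count_by_status(failures):
    """Count failures per (NT_STATUS code, user) pair."""
    return Counter((f["status"], f["user"]) for f in failures)


if __name__ == "__main__":
    for (status, user), n in count_by_status(parse_failures(SAMPLE_LOG)).items():
        print(f"{user}: {status} x{n}")
```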

