[Samba] domain member WIN2003 AD - Trusted Domain

hans paul hans.paul1 at gmx.net
Fri Feb 22 08:31:04 GMT 2008


Hi,
we configured a Samba server for filesharing. Samba uses Kerberos and winbind to
authenticate the user on DomainA.

In DomainA we create a local group where we add users from the same domain. But
we also add users from DomainB, which is trusted.

Our problem is that users from DomainB can't get access to the shared folders.
The user gets a logon popup from Windows. If you type in your correct data the
window comes up again and again...

Best regards

Paul

Samba 3.0.24
Suse SLE-10-i386

Current state:
Samba server for filesharing uses ADS for user authentication
DomainA 
DomainB Trusted from DomainA 

Samba <> DomainA <> DomainB


# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2007-07-05
[global]
# domain settings
workgroup = DOMAINA
realm = DOMAINA.DOM.NET
security = ads
client use spnego = Yes
password server = passwordserver.DOMAINA.DOM.NET
server string = %h server
dns proxy = no
encrypt passwords = true
invalid users = root
socket options = TCP_NODELAY

idmap uid = 100000-150000
idmap gid = 100000-150000

winbind separator = /
winbind use default domain = Yes
winbind cache time = 30
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
winbind refresh tickets = Yes
winbind offline logon = No

# log.winbindd
[2008/02/05 11:13:12, 6] param/loadparm.c:lp_file_list_changed(3048)
  lp_file_list_changed()
  file /etc/samba/shares.conf -> /etc/samba/shares.conf  last mod_time: Mon Feb
 4 21:53:19 2008
  file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time: Tue Feb  5
11:12:17 2008
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user [DOMAINB]\[USER123] from workstation
[COMPUTER123]
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for USER123 (USER123)
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info(85)
  making strings for USER123's user_info struct
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info(117)
  making blobs for USER123's user_info struct
[2008/02/05 11:13:12, 10] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for USER123 (USER123)
[2008/02/05 11:13:12, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[DOMAINB]\[USER123]@[COMPUTER123] with the new password interface
[2008/02/05 11:13:12, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [DOMAINA]\[USER123]@[COMPUTER123]
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(233)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback
(NTLM2)
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(235)
  challenge is:
[2008/02/05 11:13:12, 5] lib/util.c:dump_data(2225)
  [000] FA 5A F2 B5 11 F3 A4 A7                           .Z......
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: guest had nothing to say
[2008/02/05 11:13:12, 8] lib/util.c:is_myname(2043)
  is_myname("DOMAINA") returns 0
[2008/02/05 11:13:12, 6] auth/auth_sam.c:check_samstrict_security(414)
  check_samstrict_security: DOMAINA is not one of my local names
(ROLE_DOMAIN_MEMBER)
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: sam had nothing to say
[2008/02/05 11:13:12, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/02/05 11:13:12, 3] smbd/uid.c:push_conn_ctx(353)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/02/05 11:13:12, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/02/05 11:13:12, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2008/02/05 11:13:12, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2008/02/05 11:13:12, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/02/05 11:13:12, 5] auth/auth.c:check_ntlm_password(273)
  check_ntlm_password: winbind authentication for user [USER123] FAILED with
error NT_STATUS_NO_SUCH_USER
[2008/02/05 11:13:12, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [USER123] -> [USER123] FAILED
with error NT_STATUS_NO_SUCH_USER
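A triage sketch for logs like the one in the post, added here as an example and not part of the original message: it rejoins wrapped debug entries and reports failed logons where the domain supplied by the client differs from the domain Samba mapped the user to. The function names and the trimmed sample are constructed for illustration, modelled on the excerpt above.

```python
import re

# Constructed sample: three entries trimmed from the format of the excerpt
# above, including the mail-wrapped continuation lines.
SAMPLE_LOG = r"""[2008/02/05 11:13:12, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user
[DOMAINB]\[USER123]@[COMPUTER123] with the new password interface
[2008/02/05 11:13:12, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [DOMAINA]\[USER123]@[COMPUTER123]
[2008/02/05 11:13:12, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [USER123] -> [USER123] FAILED
with error NT_STATUS_NO_SUCH_USER
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\] (\S+)$")
PRINCIPAL = r"\[([^\]]*)\]\\\[([^\]]*)\]@\[([^\]]*)\]"  # [DOMAIN]\[USER]@[HOST]
UNMAPPED = re.compile(r"unmapped user " + PRINCIPAL)
MAPPED = re.compile(r"mapped user is: " + PRINCIPAL)
FAILED = re.compile(r"FAILED with error (\w+)")

def parse_entries(text):
    """Rejoin each header line with its continuation lines into one message."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3), ""])
        elif entries and line.strip():
            joined = entries[-1][3] + " " + " ".join(line.split())
            entries[-1][3] = joined.strip()
    return entries

def failed_remaps(text):
    """Return failed logons whose mapped domain differs from the client's."""
    findings, attempt = [], None
    for ts, _level, _src, msg in parse_entries(text):
        if (m := UNMAPPED.search(msg)):
            attempt = {"time": ts, "client_domain": m.group(1), "user": m.group(2)}
        elif attempt and (m := MAPPED.search(msg)):
            attempt["mapped_domain"] = m.group(1)
        elif attempt and "Authentication for user" in msg and (m := FAILED.search(msg)):
            attempt["status"] = m.group(1)
            mapped = attempt.get("mapped_domain", attempt["client_domain"])
            if mapped.lower() != attempt["client_domain"].lower():
                findings.append(attempt)
            attempt = None
    return findings

if __name__ == "__main__":
    for finding in failed_remaps(SAMPLE_LOG):
        print(finding)
```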