[Samba] Problem with Active Directory...

[David BERCOT]

Hi,

I'd done other searches and it seems my problem comes from samba
configuration on parameters like "winbind trusted domains", etc...

If I do a test like :
wbinfo --authenticate=AC\\utilisateur.paris%password
everything is ok.

So, my server is ok to authenticate users from the 'AC' domain.

Do you think I only have problems in smb.conf ???

Do you have any links which can explain this configuration ?

Thanks a lot.

David.

Le Mon, 5 Jan 2009 14:15:01 +0100,
David BERCOT <samba at bercot.org> a écrit :
> Hi,
> 
> I have some problems with Samba and Active Directory.
> Here is the beginning of my smb.conf (on Debian) :
> [global]
>         realm = AC-NANTES.JUSTICE.FR
>         workgroup = AC-NANTES
> Users from this domain (AC-NANTES) have no problem to log on...
> 
> Now, I'd like to do the same with another user from another domain :
> AC.JUSTICE.FR who is in a global security group in AC-NANTES (I use
> this global group for ressources access). And there, when I try to
> validate this user (AC\utilisateur.paris), I have this message :
> check_ntlm_password:  Checking password for unmapped user
> [AC]\[utilisateur.paris]@[XP-DAVID] with the new password interface
> [2009/01/05 12:01:04, 3] auth/auth.c:check_ntlm_password(224)
> check_ntlm_password:  mapped user is:
> [AC-NANTES]\[utilisateur.paris]@[XP-DAVID] [...] [2009/01/05
> 12:01:04, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password:
> Authentication for user [utilisateur.paris] ->
> [utilisateur.paris] FAILED with error NT_STATUS_NO_SUCH_USER
> [2009/01/05 12:01:04, 3] smbd/error.c:error_packet(146) error packet
> at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> 
> If I well understand, Samba tries to validate the user from its domain
> and not from his real domain...
> Is it possible to validate a user from another domain (in the same
> AD) ? Can we put many domains in Samba configuration ?
> 
> Thanks a lot for any idea ;-)
> 
> David.