[Samba] Samba sharing authentication

Chris Culpepper Chris.Culpepper at mountainone.com
Tue Aug 9 09:58:22 MDT 2011

I have a samba share at /share. I am trying to get it to authenticate it to a single user for right now. It is attached to the domain, and wbinfo -a\-u\-g all succeed. a login command with a domain user only works after a sucessful wbinfo -a "DOMAIN\user%password". This user is then able to authenticate using the "login" command. As of right now whenever I go to this machine from windows, it asks for a username and password just to get into the server, not the share. When going to the share as in \\ip.address\share<file:///\\ip.address\share>, it still goes to a password prompt. My configuration is as follows:
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL
        server string = File server
        security = ADS
        map to guest = Bad User
        obey pam restrictions = Yes
        password server = DC. DOMAIN.LOCAL
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind nested groups = No
        winbind refresh tickets = Yes
        idmap config DOMAIN : range = 10000-20000
        idmap config DOMAIN : backend = rid

        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        printable = Yes
        browseable = No
        browsable = No

        comment = Printer Drivers
        path = /var/lib/samba/printers

        path = /share
        valid users = DOMAIN2+chris.culpepper, DOMAIN+test, DOMAIN2\\chris.culpepper
        read only = No

        path = /home
        read only = No
        guest ok = Yes

I am pretty sure it is something obvious that I missed, but any assistance would be greatly appriciated!

Under no circumstances should non-public personal information (NPPI) be transmitted via unsecured e-mail. For your protection do not include account numbers, social security numbers, passwords or any other NPPI in email messages sent to MountainOne Financial Partners or its affiliates. Under no circumstances will we ever make a request of NPPI or financial information via unsecured e-mail. The information in this e-mail message is legally privileged and confidential and is intended only for the use of the addressee(s) named above. If you are not the intended recipient, you are hereby notified that you are not authorized to use, distribute, or copy this e-mail or its attachments. If you have received this e-mail in error, please notify the sender as soon as possible. In addition, please delete the erroneously received message from any device and/or media where the message is stored.

More information about the samba mailing list