[Samba] Samba not accepting AD users

David Roid dataroid at gmail.com
Thu Sep 1 04:11:25 MDT 2011


Check out what does /var/log/samba/log say about logon failure? Also do you
enable "ntlm auth"?

-David

2011/9/1 Bruno Martins <bmomartins at gmail.com>

> On 08/31/2011 06:57 PM, Dale Schroeder wrote:
> > Bruno,
> >
> > This is not a valid option:
> >
> > idmap backend = 192.168.0.2
> >
> > The default is tdb, but there is also rid, ad, and ldap.
> >
> > Dale
> >
> >
> > On 08/31/2011 5:57 AM, Bruno Martins wrote:
> >> Hello everyone.
> >>
> >> I am setting up a Debian-based file and print server and I am not
> >> being able
> >> to authenticate with AD credentials. I think the error message is this
> >> one:
> >> joe at sputnik:~$ tail /var/log/samba/log.__ffff_192.168.0.101
> >> [2011/08/31 11:19:54.415130,  1]
> >> smbd/sesssetup.c:454(reply_spnego_kerberos)
> >>    Username GALILEU-F\bmartins is invalid on this system
> >>
> >> More information about the system:
> >> joe at sputnik:~$ uname -r
> >> 2.6.32-5-686
> >>
> >> joe at sputnik:~$ wbinfo -g
> >> domain guests
> >> domain users
> >> domain computers
> >> group policy creator owners
> >> cert publishers
> >> domain controllers
> >> exchange domain servers
> >> domain admins
> >> (...)
> >>
> >> joe at sputnik:~$ wbinfo -u
> >> SPUTNIK\nobody
> >> SPUTNIK\root
> >> a230w
> >> sqlexecutivecmdexec
> >> ghelpdesk
> >> pbernardo
> >> (...)
> >>
> >> My smb.conf:
> >> http://pastebin.com/5vMg5X82
> >>
> >> ... and my krb5.conf:
> >> http://pastebin.com/SE9Pmt0Y
> >>
> >> ... also my nsswitch.conf:
> >> http://pastebin.com/psL9SksW
> >>
> >> Can anyone please help me?
> >>
> >> Best regards,
> >>
> >> Bruno Martins
>
> Good morning,
>
> I have changed that parameter to 'idmap backend = tdb' and even 'idmap
> backend = ad' but didn't work.
>
> I keep getting this error:
> root at sputnik:/home/joe# smbclient -L //localhost -U bmartins
> Enter bmartins's password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> Also, 'testparm' doesn't show me that line, but that may be normal.
>
> And, by the way, when I do a 'getent passwd', the output just show me
> local users, not domain ones.
>
> Best regards,
>
> Bruno Martins
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list