[Samba] Samba not accepting AD users
Bruno Martins
bmomartins at gmail.com
Thu Sep 1 04:27:47 MDT 2011
On 09/01/2011 11:11 AM, David Roid wrote:
> Check out what does /var/log/samba/log say about logon failure? Also do you
> enable "ntlm auth"?
>
> -David
>
> 2011/9/1 Bruno Martins <bmomartins at gmail.com>
>
>> On 08/31/2011 06:57 PM, Dale Schroeder wrote:
>>> Bruno,
>>>
>>> This is not a valid option:
>>>
>>> idmap backend = 192.168.0.2
>>>
>>> The default is tdb, but there is also rid, ad, and ldap.
>>>
>>> Dale
>>>
>>>
>>> On 08/31/2011 5:57 AM, Bruno Martins wrote:
>>>> Hello everyone.
>>>>
>>>> I am setting up a Debian-based file and print server and I am not
>>>> being able
>>>> to authenticate with AD credentials. I think the error message is this
>>>> one:
>>>> joe at sputnik:~$ tail /var/log/samba/log.__ffff_192.168.0.101
>>>> [2011/08/31 11:19:54.415130, 1]
>>>> smbd/sesssetup.c:454(reply_spnego_kerberos)
>>>> Username GALILEU-F\bmartins is invalid on this system
>>>>
>>>> More information about the system:
>>>> joe at sputnik:~$ uname -r
>>>> 2.6.32-5-686
>>>>
>>>> joe at sputnik:~$ wbinfo -g
>>>> domain guests
>>>> domain users
>>>> domain computers
>>>> group policy creator owners
>>>> cert publishers
>>>> domain controllers
>>>> exchange domain servers
>>>> domain admins
>>>> (...)
>>>>
>>>> joe at sputnik:~$ wbinfo -u
>>>> SPUTNIK\nobody
>>>> SPUTNIK\root
>>>> a230w
>>>> sqlexecutivecmdexec
>>>> ghelpdesk
>>>> pbernardo
>>>> (...)
>>>>
>>>> My smb.conf:
>>>> http://pastebin.com/5vMg5X82
>>>>
>>>> ... and my krb5.conf:
>>>> http://pastebin.com/SE9Pmt0Y
>>>>
>>>> ... also my nsswitch.conf:
>>>> http://pastebin.com/psL9SksW
>>>>
>>>> Can anyone please help me?
>>>>
>>>> Best regards,
>>>>
>>>> Bruno Martins
>>
>> Good morning,
>>
>> I have changed that parameter to 'idmap backend = tdb' and even 'idmap
>> backend = ad' but didn't work.
>>
>> I keep getting this error:
>> root at sputnik:/home/joe# smbclient -L //localhost -U bmartins
>> Enter bmartins's password:
>> session setup failed: NT_STATUS_LOGON_FAILURE
>>
>> Also, 'testparm' doesn't show me that line, but that may be normal.
>>
>> And, by the way, when I do a 'getent passwd', the output just show me
>> local users, not domain ones.
>>
>> Best regards,
>>
>> Bruno Martins
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
Hello David,
Thanks for your help.
Let me show you the output of some commands that may ask your second
question:
http://pastebin.com/Rj3Shbeu
Regarding to logs, I have noticed a strange thing:
http://pastebin.com/yMaQek0h
Is this a normal behaviour?
Best regards,
Bruno Martins
More information about the samba
mailing list