[Samba] Samba not accepting AD users
Dale Schroeder
dale at BriannasSaladDressing.com
Thu Sep 1 11:32:04 MDT 2011
On 09/01/2011 5:27 AM, Bruno Martins wrote:
> On 09/01/2011 11:11 AM, David Roid wrote:
>> Check out what does /var/log/samba/log say about logon failure? Also do you
>> enable "ntlm auth"?
>>
>> -David
>>
>> 2011/9/1 Bruno Martins<bmomartins at gmail.com>
>>
>>> On 08/31/2011 06:57 PM, Dale Schroeder wrote:
>>>> Bruno,
>>>>
>>>> This is not a valid option:
>>>>
>>>> idmap backend = 192.168.0.2
>>>>
>>>> The default is tdb, but there is also rid, ad, and ldap.
>>>>
>>>> Dale
>>>>
>>>>
>>>> On 08/31/2011 5:57 AM, Bruno Martins wrote:
>>>>> Hello everyone.
>>>>>
>>>>> I am setting up a Debian-based file and print server and I am not
>>>>> being able
>>>>> to authenticate with AD credentials. I think the error message is this
>>>>> one:
>>>>> joe at sputnik:~$ tail /var/log/samba/log.__ffff_192.168.0.101
>>>>> [2011/08/31 11:19:54.415130, 1]
>>>>> smbd/sesssetup.c:454(reply_spnego_kerberos)
>>>>> Username GALILEU-F\bmartins is invalid on this system
>>>>>
>>>>> More information about the system:
>>>>> joe at sputnik:~$ uname -r
>>>>> 2.6.32-5-686
>>>>>
>>>>> joe at sputnik:~$ wbinfo -g
>>>>> domain guests
>>>>> domain users
>>>>> domain computers
>>>>> group policy creator owners
>>>>> cert publishers
>>>>> domain controllers
>>>>> exchange domain servers
>>>>> domain admins
>>>>> (...)
>>>>>
>>>>> joe at sputnik:~$ wbinfo -u
>>>>> SPUTNIK\nobody
>>>>> SPUTNIK\root
>>>>> a230w
>>>>> sqlexecutivecmdexec
>>>>> ghelpdesk
>>>>> pbernardo
>>>>> (...)
>>>>>
>>>>> My smb.conf:
>>>>> http://pastebin.com/5vMg5X82
>>>>>
>>>>> ... and my krb5.conf:
>>>>> http://pastebin.com/SE9Pmt0Y
>>>>>
>>>>> ... also my nsswitch.conf:
>>>>> http://pastebin.com/psL9SksW
>>>>>
>>>>> Can anyone please help me?
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Bruno Martins
>>> Good morning,
>>>
>>> I have changed that parameter to 'idmap backend = tdb' and even 'idmap
>>> backend = ad' but didn't work.
>>>
>>> I keep getting this error:
>>> root at sputnik:/home/joe# smbclient -L //localhost -U bmartins
>>> Enter bmartins's password:
>>> session setup failed: NT_STATUS_LOGON_FAILURE
>>>
>>> Also, 'testparm' doesn't show me that line, but that may be normal.
>>>
>>> And, by the way, when I do a 'getent passwd', the output just show me
>>> local users, not domain ones.
>>>
>>> Best regards,
>>>
>>> Bruno Martins
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
> Hello David,
>
> Thanks for your help.
>
> Let me show you the output of some commands that may ask your second
> question:
> http://pastebin.com/Rj3Shbeu
>
> Regarding to logs, I have noticed a strange thing:
> http://pastebin.com/yMaQek0h
>
> Is this a normal behaviour?
Apparently so because I have seen those messages on working winbind systems.
Compare your setup to the following to see if you might have missed
anything.
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081/Join-Samba-3-to-Your--Active-Directory-Domain.htm
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3502441/Join-Linux-to-Active-Directory-With-Winbind.htm
Dale
>
> Best regards,
>
> Bruno Martins
> .
>
More information about the samba
mailing list