[Samba] Problems with ADS and user mapping

Matthew Choppen mattchoppen at googlemail.com
Tue Dec 11 05:47:12 MST 2012


Hi,

I am having problems mapping a Windows user to a Unix user when
authenticating against Active Directory.

When I run the following, everything seems OK:

smbclient -U "ADOMAIN\clearcase_albd" -L CCSERVER
Enter ADOMAIN\clearcase_albd's password:
Domain=[ADOMAIN] OS=[Unix] Server=[Samba 3.4.3-1.17.2-2359-SUSE-
CODE11]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (ClearCase)
        LicenseMonitor  Disk      License monitoring directory
        ccviews         Disk      View storage directory
        vobstore        Disk      Vob storage directory
Domain=[ADOMAIN] OS=[Unix] Server=[Samba 3.4.3-1.17.2-2359-SUSE-
CODE11]

        Server               Comment
        ---------            -------
        CCSERVER             ClearCase
        CCSERVER2
        CCSERVER3

        Workgroup            Master
        ---------            -------
        ADOMAIN              CCSERVER3

However this fails:

smbclient -U "ADOMAIN\clearcase_albd" //CCSERVER/ccviews
Enter ADOMAIN\clearcase_albd's password:
Domain=[ADOMAIN] OS=[Unix] Server=[Samba 3.4.3-1.17.2-2359-SUSE-
CODE11]
tree connect failed: NT_STATUS_ACCESS_DENIED


Both vobadmin and clearcase_albd exist in Active Directory, and both
are in the same domain (ADOMAIN).

Any help would be greatly appreciated


# /etc/samba/smb.conf

[global]
        # Global settings: this host (netbios name CCSERVER) is set up as a
        # member server of the ADOMAIN.INT Active Directory realm.
        workgroup = ADOMAIN
        password server = ldap1.ADOMAIN.int, ldap2.ADOMAIN.int
        domain master = no
        realm = ADOMAIN.INT
        server string = ClearCase
        netbios name = CCSERVER
        # Users are authenticated against Active Directory.
        security = ADS
        encrypt passwords = yes
        # Domain accounts are presented without the domain prefix.
        winbind use default domain = Yes
        winbind nested groups = Yes
        client use spnego = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        template shell = /bin/bash
        template homedir = /home/%D/%u
        log level = 2
        # One log file per client machine name (%m); the excerpt in this post
        # comes from /var/log/samba/CCSERVER.
        log file = /var/log/samba/%m
        # Log size limit in KiB.
        max log size = 50
        # Domain and account names are joined with '+', as in the share
        # definitions (ADOMAIN+ccusers).
        winbind separator = +
        winbind cache time = 5
        winbind refresh tickets = true
        # With "Bad User", a logon for a user name Samba cannot resolve is not
        # rejected: the session is silently continued as guest. The log in this
        # post shows that path: NT_STATUS_NO_SUCH_USER for
        # [clearcase_albd] -> [vobadmin], then "guest user (from session setup)
        # not permitted to access this share". This hides the real
        # authentication failure behind a later ACCESS_DENIED.
        # NOTE(review): consider "map to guest = Never" unless guest access is
        # actually required on this server.
        map to guest = Bad User
        # Rewrites client-supplied user names before they are used as Unix
        # accounts; the file content is listed further down in this post.
        username map = /etc/samba/user.map
        max open files = 11000
        # NOTE(review): the value below is split over two lines by the mail
        # wrapping; in the real file it has to be one line (or the first line
        # must end in a backslash continuation).
        add machine script = /usr/sbin/useradd -c Machine -d /var/lib/
nobody -s /bin/false %m$
        # Allows user-defined shares (usershares) to be opened to guests.
        # NOTE(review): confirm guest access is wanted at all here.
        usershare allow guests = Yes
        directory security mask = 0775
                ##map untrusted to domain = Yes -- This has no effect!
        kernel oplocks = No
        # Upper bound on permission bits for new files and directories:
        # group-writable and world-readable/executable (0775).
        create mask = 0775
        directory mask = 0775
        map archive = No
        # Oplocks are switched off at every level (kernel, exclusive, level2);
        # presumably for ClearCase storage consistency - confirm.
        oplocks = No
        level2 oplocks = No
        lock directory = /var/run/samba
        # Timeouts in seconds.
        ldap timeout = 30
        ldap connection timeout = 30
        host msdfs = No
        preserve case = Yes

[vobstore]
        # Share exporting /vobstore (VOB storage).
        comment = Vob storage directory
        path = /vobstore
        # Access is limited to members of the group ccusers in ADOMAIN
        # ('@' marks a group, '+' is the configured winbind separator).
        # A guest session does not match this list.
        valid users = @"ADOMAIN+ccusers"
        writeable = Yes
        # New files may be group-writable and world-readable (0775).
        create mask = 0775

[ccviews]
        # Share exporting /ccviews (view storage); this is the share whose
        # tree connect fails with NT_STATUS_ACCESS_DENIED in this post.
        comment = View storage directory
        path = /ccviews
        # Access is limited to members of the group ccusers in ADOMAIN
        # ('@' marks a group, '+' is the configured winbind separator).
        # The log shows the session arriving as guest, which does not match
        # this list, so the denial is the access control working as written.
        valid users = @"ADOMAIN+ccusers"
        writeable = Yes
        # New files may be group-writable and world-readable (0775).
        create mask = 0775

[LicenseMonitor]
        # Share exporting a directory inside vobadmin's home directory.
        comment = License monitoring directory
        path = /home/vobadmin/LicenseMonitor
        # Only these two accounts may connect. The names are given without a
        # domain prefix; presumably they resolve to the AD accounts because
        # "winbind use default domain = Yes" is set - confirm.
        valid users = clearcase_albd vobadmin
        writeable = yes
        # New files are writable by the owner only (0755).
        create mask = 0755

# /etc/samba/user.map
# Format: unix_name = client_name [client_name ...]
# NOTE(review): a client logging on as "administrator" or "admin" is mapped to
# the Unix root account; keep this line only if that is intended.
root = administrator admin
nobody = guest pcguest smbguest
# Maps clearcase_albd (domain-qualified and unqualified form) onto vobadmin.
# The log in this post shows the rewrite ([clearcase_albd] -> [vobadmin])
# followed by NT_STATUS_NO_SUCH_USER for the mapped name.
# NOTE(review): smb.conf(5) says that with security = ads the map is applied
# after the domain controller has authenticated the user and expects fully
# qualified entries - confirm which of the two aliases is being matched.
vobadmin = ADOMAIN\clearcase_albd clearcase_albd


## /var/log/samba/CCSERVER


[2012/12/11 11:50:10,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2012/12/11 11:51:17,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [clearcase_albd] -> [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:51:17,  2] smbd/service.c:584(create_connection_server_info)
  guest user (from session setup) not permitted to access this share (ccviews)
[2012/12/11 11:51:17,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2012/12/11 11:57:33,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [clearcase_albd] -> [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:57:34,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [clearcase_albd] -> [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:58:54,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [clearcase_albd] -> [vobadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2012/12/11 11:58:54,  2] smbd/service.c:584(create_connection_server_info)
  guest user (from session setup) not permitted to access this share (ccviews)
[2012/12/11 11:58:54,  1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED



Thanks in advance

Matt

