[Samba] Samba + Winbind ADS on Win2012 AD with Native 2003 domain forest level
api984 at gmail.com
Tue Apr 16 13:01:38 MDT 2013
I am trying to connect samba to our NEW DCs running win2012 AD. Now I
can join samba using net join and winbind lists users and groups but
USER AUTH fails at by using smbclient and wbinfo -a. Error that I get is
ACCESS DENIED. Now I'm guessing that something must be blocked on
Windows servers that does not allow Winbind to authenticate. I tryed
Samba 3.0.33 , 3.6.6 (3x package) , samba 4.0.0. All samba servers give
same error. Kerberos is working. nsswitch is configured. I also added
PAM auth. GPO policy? Winbind is the main problem currently. RPC server
on win2012 (port 139) security. NTLM is allowed on LocalPolicy. SMB
signing is enabled and working as I saw the samba logs. Tryed to google
and reconfigure smb.conf many times. No sucess in 2 weeks yet. I am not
giving up. I really want to know why its not working.
Have not tryed samba with SSSD yet because I am a little afraid to
upgrade AD schema? should be painless right? because these are prod servers.
Linux: Centos 5.2 (will upgrade to 5.9) - tryed a VBOX 5.9- same error
version does not matter.
Windows: 2x 2012 DC with AD 2003 native domain
Windows SBS : still connected to these DCs. Disabled SBcore so server
will not shutdown by itself
because of EULA and SBS limits. This server is gonna retire once I setup
samba to work with new DCs.
AD schema was migrated with exchange attributes so it works with postfix.
SMBclients error: SPNEGO auth fails.
Winbind: ACCESS_DENIED (0x00000022) -something like that
Hope anyone knows some windows server trick to make winbind work. I do
thing its a security
feature that needs to be disabled.
email : api984 at gmail.com
andrej at skrad.com
api984 at api984.net
contact cell: 00385 98 790 639
home server: http://anetlocal.poweredbyclear.com
MSN: fatallord at hotmail.com
IRC: api984, freenode.net
::Software is like sex: it's better when it's free::
More information about the samba