[Samba] unknown authentication failure - Samba 4.0.1 pdc

bugblatterbeast samba at bugblatterbeast.de
Wed Oct 30 15:21:36 MDT 2013


On 30.10.2013 11:12, Rowland Penny wrote:
> Sorry, I missed the attachment, but now that I have had a look at your 
> smb.conf, it would seem that you are mixing up an NT PDC with an AD DC.
>
> You need to remove the following from the smb.conf on the Samba4 AD DC:
>
>        logon drive & logon home, these are only used by NT Workstations.
>
>        logon path, again only used by NT Workstations and you should 
> now have this info in each user's data in AD ( profilePath attribute ) 
> and this is also set up by [profiles]
>
>        security = user, totally unneeded, this is the default 
> security setting in Samba. Also it is superseded by the fact that you 
> are running as an active directory domain controller
>
>        public, this is a synonym for guest ok. You are allowing 
> anybody to connect without a password, in my opinion, this should 
> never be in [global].
>
>        log file, You will end up with a logfile called log.%m in 
> /var/log/samba instead of the standard log.samba & log.smbd
>
>        browseable, There is at the present time no network browsing 
> (network neighborhood) in Samba4 but you can connect by address.
>
> Remove the above and restart Samba4 and let's go from there.
>
> Rowland
>
Hello Rowland,

thanks for your effort. I've deleted the obsolete values from the 
smb.conf, but it didn't do the trick. I've also activated 2 of the other 
network adapters for samba. I'll attach the result of testparm to this mail.

I really wish there was a way to log all the kerberos-calls and 
authentication-errors. I really think it's related to that. The 
system has been running for half a year now with about 20 clients and it's just 
this one workstation that's causing such trouble.

nice regards
-------------- next part --------------
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[profiles]"
Processing section "[home]"
Processing section "[shared]"
Processing section "[projekte]"
Processing section "[entwicklung]"
Processing section "[exchange]"
Processing section "[resources]"
Processing section "[www]"
Processing section "[backup]"
Processing section "[backup2]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press enter to see a dump of your service definitions


[global]
        workgroup = DOMAIN_NAME
        realm = DOMAIN_NAME.LOCAL
        interfaces = eth0, eth1, eth2
        server role = active directory domain controller
        passdb backend = samba_dsdb
        log file = /var/log/samba/log.%m
        load printers = No
        printcap name = /dev/null
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        idmap config * : backend = tdb
        create mask = 0777
        directory mask = 0777
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

[netlogon]
        path = /var/lib/samba/sysvol/DOMAIN_NAME.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[profiles]
        comment = Network Profiles
        path = /usr/local/samba/var/profiles
        read only = No

[home]
        comment = Benutzerverzeichnisse
        path = /home/samba
        read only = No
        vfs objects = recycle
        recycle:maxsize = 0
        recycle:touch = Yes
        recycle:versions = Yes
        recycle:keeptree = Yes
        recycle:repository = .recycle

[shared]
        comment = Gemeinsame Dokumente
        path = /data1/shared
        read only = No
        create mask = 0666
        guest ok = Yes
        vfs objects = recycle
        recycle:maxsize = 0
        recycle:touch = Yes
        recycle:versions = Yes
        recycle:keeptree = Yes
        recycle:repository = .recycle/%U

[projekte]
        comment = Projekte
        path = /data1/projekte
        read only = No
        create mask = 0666
        guest ok = Yes
        vfs objects = recycle
        recycle:maxsize = 0
        recycle:touch = Yes
        recycle:versions = Yes
        recycle:keeptree = Yes
        recycle:repository = .recycle/%U

[entwicklung]
        comment = Entwicklung
        path = /data1/entwicklung
        read only = No
        create mask = 0666
        guest ok = Yes
        vfs objects = recycle
        recycle:maxsize = 0
        recycle:touch = Yes
        recycle:versions = Yes
        recycle:keeptree = Yes
        recycle:repository = .recycle/%U

[exchange]
        comment = Dateiaustausch
        path = /data3/exchange
        read only = No
        create mask = 0666
        guest ok = Yes

[resources]
        comment = Installationsdateien
        path = /data3/resources
        read only = No
        create mask = 0755
        directory mask = 0755
        guest ok = Yes

[www]
        comment = lokale Homepages
        path = /home/www
        read only = No
        guest ok = Yes

[backup]
        comment = Datensicherung
        path = /data2/backup
        guest ok = Yes

[backup2]
        comment = Datensicherung
        path = /data4/backup
        guest ok = Yes
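
A check over testparm output for the points raised in the reply above (shares reachable without a password, and the parameters to remove from [global] on the AD DC). This is an added example, not part of the original mail or of Samba; the sample dump is constructed and the function names are hypothetical. It relies on the Samba defaults guest ok = No and read only = Yes for values testparm leaves out.

```python
import re

# Constructed excerpt of a testparm dump, modelled on the attachment above.
SAMPLE = """\
[global]
        server role = active directory domain controller
        log file = /var/log/samba/log.%m
[sysvol]
        read only = No
[shared]
        read only = No
        guest ok = Yes
[backup]
        guest ok = Yes
"""

# Parameters the reply asks to remove from smb.conf on the AD DC.
NT_ONLY = {"logon drive", "logon home", "logon path", "security",
           "public", "log file", "browseable"}

def parse(dump):
    """Return {section: {param: value}} from smb.conf or testparm text."""
    sections, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and runs of spaces in the parameter name.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_true(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def audit(dump):
    """List leftover NT-style globals and guest-accessible shares."""
    conf = parse(dump)
    glob = conf.get("global", {})
    findings = [("global", f"remove '{p}'") for p in sorted(NT_ONLY & glob.keys())]
    for name, params in conf.items():
        if name != "global":
            # Share values override [global], which overrides the defaults.
            eff = {"guest ok": "no", "read only": "yes", **glob, **params}
            if is_true(eff["guest ok"]):
                mode = "read-only" if is_true(eff["read only"]) else "writable"
                findings.append((name, f"guest ok, {mode}"))
    return findings
```

Feeding it the output of `testparm -s` gives one finding per line to review.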

