[Samba] (no subject)

Jim Jenkins jjenkins at smithcarson.com
Fri Sep 27 17:15:01 MDT 2013

Hey Gang,

I'm stuck near the end of installing Samba 4 on a Debian Wheezy machine.
I'm trying to connect to a Win2k AD.

Basically I can't get "getent passwd" to show domain accounts.  I also
can't access shares using my credentials.  What did I forget?!

Here is what works:
sudo net ads join -U "DOMAINADMIN"

wbinfo -g  //shows domain groups!
wbinfo -u  //shows domain users!

I have setup symlinks from */lib/i386-linux-gnu/libnss_winbind.so* to *

    workgroup = DOMAIN
    realm = DOMAIN.COM
    server string = %h server
    security = ADS
    map to guest = Bad User
    obey pam restrictions = Yes
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nss info = rfc2307
    idmap config SHORTDOMAINNAME:range = 500-40000
    idmap config SHORTDOMAINNAME:schema_mode = rfc2307
    idmap config SHORTDOMAINNAME:backend = ad
    idmap config *:range = 70001-80000
    idmap config * : backend = tdb
    store dos attributes = Yes

*Besides "getent passwd" failing to show domain accounts, I get this when I
attempt to authenticate via a SMB client.

[2013/09/27 19:03:28.678145,  3]
  Got user=[TestUser] domain=[DOMAIN] workstation=[BADASS] len1=24 len2=154
[2013/09/27 19:03:28.681267,  3]
  check_ntlm_password:  Checking password for unmapped user
with the new password interface
[2013/09/27 19:03:28.681359,  3]
  check_ntlm_password:  mapped user is: [**DOMAIN]\[**TestUser]@[BADASS]
[2013/09/27 19:03:28.691085,  3]
  Failed to find authenticated user **DOMAIN+jjenkins via getpwnam(),
denying access.
[2013/09/27 19:03:28.691235,  2]
  check_ntlm_password:  Authentication for user [jjenkins] -> [**TestUser]
[2013/09/27 19:03:28.691354,  3]
  No such user jjenkins [**DOMAIN] - using guest account


More information about the samba mailing list