[Samba] problem authenticating users to Active Directory after Ubuntu 12.04 -> 14.04 upgrade
Rowland Penny
rowlandpenny at googlemail.com
Fri Apr 25 10:11:19 MDT 2014
On 25/04/14 16:27, Geoff Rowland wrote:
> To be safe, I performed a clean installation of Ubuntu 14.04 to make
> sure the upgrade process wasn't breaking things. I am able to join a
> domain, however it will always tell me invalid password when trying to
> log in with a domain account. I guess that the major change was going
> from Samba3 to Samba4 with these versions. I don't see anything crazy
> in the samba logs. Am I missing something? Here are the steps I
> followed:
>
> apt-get install krb5-config krb5-user winbind samba smbclient
> libnss-winbind libpam-winbind
>
> config files:
>
> smb.conf (had a more complex one but using this simple one for testing):
>
> [global]
>
> workgroup = MYDOMAIN
> security = ADS
> realm = MYDOMAIN.COM
> netbios name = trusty
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config MYDOMAIN:backend = ad
> idmap config MYDOMAIN:schema_mode = rfc2307
> idmap config MYDOMAIN:range = 500-40000
>
> winbind nss info = rfc2307
> [test]
> path = /srv/samba/test
> read only = no
>
>
>
> krb5.conf:
>
> [libdefaults]
> default_realm = MYDOMAIN.COM
> ticket_lifetime = 24000
> allow_weak_crypto = yes
> [realms]
> MYDOMAIN.COM = {
> kdc = my.domain.com
> admin_server = my.domain.com
> default_domain = MYDOMAIN.COM
> }
>
>
> [domain_realm]
> .mydomain.com = MYDOMAIN.COM
> mydomain.com = MYDOMAIN.COM
> [login]
> krb4_convert = true
> krb4_get_tickets = false
>
> /etc/nsswitch.conf
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns wins
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
>
> net ads join -U username
>
> successfully joins the domain
> kinit account@MYDOMAIN.COM
> klist confirms ticket created
> su domainuser = "user not in passwd"
> log out and try to log in with domain user = "invalid password"
> log in with local account type
> wbinfo -u shows domain users
> wbinfo -g shows domain groups
>
> not sure what else to try?
> these exact steps work in Ubuntu 12.04
>
Hi, does 'getent passwd' show your domain users?
Rowland
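
The check asked for above, written out as an added example that is not part of the original thread: it takes the names `wbinfo -u` prints and reports each one that NSS cannot resolve, which is the gap between "wbinfo -u shows domain users" and "user not in passwd". The function names and the `PASSWD_SNAPSHOT` variable are hypothetical, and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example: list accounts winbind knows about that NSS cannot resolve.
# Each name is looked up individually because a bare 'getent passwd' only
# lists winbind accounts when 'winbind enum users' is enabled in smb.conf.

# Resolve one account name through NSS, the same path su and login use.
# PASSWD_SNAPSHOT (hypothetical variable) names a file of saved
# 'getent passwd' style lines so the check can run offline; when it is
# unset, the live NSS configuration is queried.
nss_lookup() {
    if [ -n "${PASSWD_SNAPSHOT:-}" ]; then
        # ENVIRON keeps the backslash in DOMAIN\user literal (awk -v would not).
        n="$1" awk -F: '$1 == ENVIRON["n"] { found = 1 } END { exit !found }' \
            "$PASSWD_SNAPSHOT"
    else
        getent passwd "$1" >/dev/null 2>&1
    fi
}

# Read account names on stdin (one per line, as 'wbinfo -u' prints them)
# and print every name that has no passwd entry.
missing_from_nss() {
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        nss_lookup "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample: winbind lists three accounts, NSS resolves only one.
demo_constructed() {
    snap=$(mktemp) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'MYDOMAIN\alice:*:10001:10000:Alice:/home/MYDOMAIN/alice:/bin/bash' \
        > "$snap"
    printf '%s\n' 'MYDOMAIN\alice' 'MYDOMAIN\bob' 'MYDOMAIN\carol' |
        ( PASSWD_SNAPSHOT=$snap; missing_from_nss )
    rm -f "$snap"
}

# Live use on the joined host:  wbinfo -u | missing_from_nss
```

An empty result on the live host means every account winbind enumerates also resolves through the `passwd:` line in /etc/nsswitch.conf.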