[Samba] AD integration - Administrator can log in but no one else can

yan at seiner.com yan at seiner.com
Thu Feb 6 14:43:23 MST 2014 

I have an Ubuntu 12.04 LTS server that I am trying to get integrated into
the company AD.

The global AD administrator with the username Administrator can log in and
access the shares on the samba box.

No other user, even users with Administrator privileges, can.

  check_ntlm_password:  authentication for user [Administrator] ->
[Administrator] -> [WIKI\Administrator] succeeded

  check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED
with error NT_STATUS_NO_SUCH_USER

The yans user (me) can log into any computer except the samba box.  Even
if I granted Admin privileges I am still refused.

Eventually I need to integrate this into our existing network but for now
I need to get user logins working.

The users do not have unix accounts on the samba box.  They do not need
any accounts unless required to by samba.

I can't figure out what I am doing wrong.  I have tried many things;
here's my current smb.conf:

[global]
   workgroup = hpm
   server string = %h server (Samba/Ubuntu)
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = ads
   realm = hpm.net

   idmap backend = lwopen
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes

   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

[mediawiki]
        comment = Manuals Wiki Folders
        read only = yes
        path = /srv/mediawiki
        read list = @wikiread
        guest ok = no
[manuals]
        comment = Manuals for download
        path = /srv/mediawiki/downloads
        browsable = yes
        writeable = yes
        read list = @wikiread
        write list = @wikiwrite
        create mask = 0775
        guest ok = no
[covers]
        comment = cover images for manuals
        path = /srv/mediawiki/local/covers
        browsable = yes
        writeable = yes
        read list = @wikiread
        write list = @wikiwrite
        guest ok = no
        create mask = 0775

/etc/nsswitch.conf:

passwd:         compat lsass winbind
group:          compat lsass winbind
shadow:         compat

hosts:          files dns winbind wins
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

More information about the samba mailing list