[Samba] AD integration - Administrator can log in but no one else can
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 7 02:36:57 MST 2014
Hai,
In your global smb.conf
set realm in CAPS.
I see your workgroup = HPM
but administrator auths with : WIKI\Administrator
and your users with :
wbinfo -u
...
HPM\yans
So this isn't right, I'm thinking. Is your server name WIKI?
regards,
Louis
>-----Original message-----
>From: yan at seiner.com [mailto:samba-bounces at lists.samba.org]
>On behalf of yan at seiner.com
>Sent: Thursday 6 February 2014 22:43
>To: samba at lists.samba.org
>Subject: [Samba] AD integration - Administrator can log in
>but no one else can
>
>I have an Ubuntu 12.04 LTS server that I am trying to get integrated into
>the company AD.
>
>The global AD administrator with the username Administrator can log in and
>access the shares on the samba box.
>
>No other user, even users with Administrator privileges, can.
>
> check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [WIKI\Administrator] succeeded
>
> check_ntlm_password: Authentication for user [yans] -> [yans] FAILED with error NT_STATUS_NO_SUCH_USER
>
>The yans user (me) can log into any computer except the samba box. Even
>if I granted Admin privileges I am still refused.
>
>Eventually I need to integrate this into our existing network but for now
>I need to get user logins working.
>
>The users do not have unix accounts on the samba box. They do not need
>any accounts unless required to by samba.
>
>I can't figure out what I am doing wrong. I have tried many things;
>here's my current smb.conf:
>
>[global]
> workgroup = hpm
> server string = %h server (Samba/Ubuntu)
> log level = 2
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = ads
> realm = hpm.net
>
> idmap backend = lwopen
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
>
> encrypt passwords = true
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> usershare allow guests = yes
>
>[mediawiki]
> comment = Manuals Wiki Folders
> read only = yes
> path = /srv/mediawiki
> read list = @wikiread
> guest ok = no
>[manuals]
> comment = Manuals for download
> path = /srv/mediawiki/downloads
> browsable = yes
> writeable = yes
> read list = @wikiread
> write list = @wikiwrite
> create mask = 0775
> guest ok = no
>[covers]
> comment = cover images for manuals
> path = /srv/mediawiki/local/covers
> browsable = yes
> writeable = yes
> read list = @wikiread
> write list = @wikiwrite
> guest ok = no
> create mask = 0775
>
>/etc/nsswitch.conf:
>
>passwd: compat lsass winbind
>group: compat lsass winbind
>shadow: compat
>
>hosts: files dns winbind wins
>networks: files
>
>protocols: db files
>services: db files
>ethers: db files
>rpc: db files
>
>netgroup: nis
>
>
>
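Added example, not part of the original messages: a small Python check for the two points raised in the reply above, the case of the realm value and a successful logon whose domain prefix differs from the configured workgroup. The sample config and log lines are constructed from the values quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample input, reduced from the smb.conf and log lines quoted in the thread.
SMB_CONF = """\
[global]
    workgroup = hpm
    security = ads
    realm = hpm.net
"""
LOG_LINES = [
    "check_ntlm_password:  authentication for user [Administrator] -> [Administrator] -> [WIKI\\Administrator] succeeded",
    "check_ntlm_password:  Authentication for user [yans] -> [yans] FAILED with error NT_STATUS_NO_SUCH_USER",
]

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict (names lowercased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

# Captures DOMAIN and user from the final "[DOMAIN\user] succeeded" part of the log line.
AUTH_OK = re.compile(
    r"authentication for user \[[^\]]*\] -> \[[^\]]*\] -> \[([^\\\]]+)\\([^\]]+)\] succeeded",
    re.I,
)

def audit(conf_text, log_lines):
    """Flag a realm that is not upper case and logons that succeeded in a domain other than workgroup."""
    g = parse_global(conf_text)
    realm, workgroup = g.get("realm", ""), g.get("workgroup", "").upper()
    findings = []
    if realm != realm.upper():
        findings.append(f"realm '{realm}' is not upper case; expected '{realm.upper()}'")
    for line in log_lines:
        m = AUTH_OK.search(line)
        if m and m.group(1).upper() != workgroup:
            findings.append(f"{m.group(2)} authenticated in domain {m.group(1)}, not workgroup {workgroup}")
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, LOG_LINES):
        print("WARN:", finding)
```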