[Samba] AD integration - Administrator can log in but no one else can
steve
steve at steve-ss.com
Fri Feb 7 04:36:18 MST 2014
On Fri, 2014-02-07 at 10:36 +0100, L.P.H. van Belle wrote:
> Hi,
>
> In your global smb.conf
> set realm in CAPS.
>
> I see your workgroup = HPM
>
> but administrator auths with : WIKI\Administrator
> and your users with :
> wbinfo -u
> ...
> HPM\yans
>
> so this isn't right, I'm thinking... Is your server name WIKI?
>
> regards,
>
> Louis
>
I'd add to that, take Likewise out of the equation for the moment.
HTH
Steve
>
> >-----Original message-----
> >From: yan at seiner.com [mailto:samba-bounces at lists.samba.org]
> >On behalf of yan at seiner.com
> >Sent: Thursday, 6 February 2014 22:43
> >To: samba at lists.samba.org
> >Subject: [Samba] AD integration - Administrator can log in
> >but no one else can
> >
> >I have an Ubuntu 12.04 LTS server that I am trying to get
> >integrated into
> >the company AD.
> >
> >The global AD administrator with the username Administrator
> >can log in and
> >access the shares on the samba box.
> >
> >No other user, even users with Administrator privileges, can.
> >
> > check_ntlm_password: authentication for user [Administrator] ->
> >[Administrator] -> [WIKI\Administrator] succeeded
> >
> > check_ntlm_password: Authentication for user [yans] -> [yans] FAILED
> >with error NT_STATUS_NO_SUCH_USER
> >
> >The yans user (me) can log into any computer except the samba
> >box. Even
> >if I granted Admin privileges I am still refused.
> >
> >Eventually I need to integrate this into our existing network
> >but for now
> >I need to get user logins working.
> >
> >The users do not have unix accounts on the samba box. They do not need
> >any accounts unless required to by samba.
> >
> >I can't figure out what I am doing wrong. I have tried many things;
> >here's my current smb.conf:
> >
> >[global]
> > workgroup = hpm
> > server string = %h server (Samba/Ubuntu)
> > log level = 2
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > syslog = 0
> > panic action = /usr/share/samba/panic-action %d
> > security = ads
> > realm = hpm.net
> >
> > idmap backend = lwopen
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > encrypt passwords = true
> > passdb backend = tdbsam
> > obey pam restrictions = yes
> > unix password sync = yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *Enter\snew\s*\spassword:* %n\n
> >*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> > pam password change = yes
> > map to guest = bad user
> > usershare allow guests = yes
> >
> >[mediawiki]
> > comment = Manuals Wiki Folders
> > read only = yes
> > path = /srv/mediawiki
> > read list = @wikiread
> > guest ok = no
> >[manuals]
> > comment = Manuals for download
> > path = /srv/mediawiki/downloads
> > browsable = yes
> > writeable = yes
> > read list = @wikiread
> > write list = @wikiwrite
> > create mask = 0775
> > guest ok = no
> >[covers]
> > comment = cover images for manuals
> > path = /srv/mediawiki/local/covers
> > browsable = yes
> > writeable = yes
> > read list = @wikiread
> > write list = @wikiwrite
> > guest ok = no
> > create mask = 0775
> >
> >/etc/nsswitch.conf:
> >
> >passwd: compat lsass winbind
> >group: compat lsass winbind
> >shadow: compat
> >
> >hosts: files dns winbind wins
> >networks: files
> >
> >protocols: db files
> >services: db files
> >ethers: db files
> >rpc: db files
> >
> >netgroup: nis
> >
> >
>
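
The checks the two replies make by eye (realm case, the WIKI versus HPM domain prefix, the Likewise backend) can be run mechanically over the quoted smb.conf and log lines. This is an added example, not part of the original thread or of Samba; the function names and finding labels are hypothetical, and treating `lwopen` as the Likewise idmap plugin is an assumption.

```python
import re

# Constructed sample input: values copied from the smb.conf and log lines quoted in the thread.
SMB_CONF = """[global]
   workgroup = hpm
   security = ads
   realm = hpm.net
   idmap backend = lwopen
"""
LOG = (
    "check_ntlm_password: authentication for user [Administrator] -> "
    "[Administrator] -> [WIKI\\Administrator] succeeded\n"
    "check_ntlm_password: Authentication for user [yans] -> [yans] FAILED "
    "with error NT_STATUS_NO_SUCH_USER\n"
)

OK_RE = re.compile(r"authentication for user \[[^\]]*\] -> \[[^\]]*\] -> "
                   r"\[([^\\\]]+)\\([^\]]+)\] succeeded", re.I)
FAIL_RE = re.compile(r"authentication for user \[([^\]]*)\] -> \[[^\]]*\] "
                     r"FAILED\s+with error (\S+)", re.I)

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as {lower-cased name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def review(conf_text, log_text):
    """Return (check, detail) findings for the points raised in the replies."""
    g, findings = parse_global(conf_text), []
    realm, workgroup = g.get("realm", ""), g.get("workgroup", "").upper()
    if realm != realm.upper():                      # Louis: "set realm in CAPS"
        findings.append(("realm-not-uppercase", realm))
    if g.get("idmap backend", "").lower() == "lwopen":   # assumed to be the Likewise plugin
        findings.append(("likewise-idmap-backend", "lwopen"))
    for dom, user in OK_RE.findall(log_text):       # WIKI\... against workgroup HPM
        if dom.upper() != workgroup:
            findings.append(("auth-domain-differs-from-workgroup", f"{dom}\\{user}"))
    for user, status in FAIL_RE.findall(log_text):
        findings.append(("auth-failed", f"{user}: {status}"))
    return findings

if __name__ == "__main__":
    for check, detail in review(SMB_CONF, LOG):
        print(f"{check}: {detail}")
```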