[Samba] Question(s) about user mapping

Rowland Penny rowlandpenny at googlemail.com
Fri Jul 18 12:55:43 MDT 2014


On 18/07/14 19:47, Jon Yeargers wrote:
> (apologies)
> # Global parameters
> [global]
>          workgroup = BME
>          realm = DOMAIN.EDU
>          netbios name = BEANBAG
>
>          encrypt passwords = yes
>          log level = 5
>
>          server role = active directory domain controller
>          dns forwarder = 137.10.10.10
>          idmap_ldb:use rfc2307 = yes
>
>          map untrusted to domain = Yes
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/domain.edu/scripts
>          read only = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
>
> What other configs are relevant here?
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: Friday, July 18, 2014 9:49 AM
> To: samba at lists.samba.org
> Subject: Re: [Samba] Question(s) about user mapping
>
> On 18/07/14 17:14, Jon Yeargers wrote:
>> I've set up samba4 to authenticate against a separate LDAP server. I can ssh to my server but attempts to log in to a Windows 7 member server using the LDAP domain are not working.
>>
>> Relevant errors:
>>
>> [2014/07/18 06:46:28.177400,  3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)     auth_check_password_send: Checking password for unmapped user [ldapdom]\[user]@[win7host]    auth_check_password_send: mapped user is: [sambadom]\[user]@[win7host]
>>
>> [2014/07/18 06:46:28.178098,  3] ../source4/auth/ntlm/auth_sam.c:61(authsam_search_account)      sam_search_user: Couldn't find user [user] in samdb, under C=dom,DC=server,DC=edu
>>
>> [2014/07/18 06:46:28.178184,  2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)      auth_check_password_recv: sam_ignoredomain authentication for user [sambadom\user]    FAILED with error NT_STATUS_NO_SUCH_USER
>>
>>
>> It appears that some manner of user id mapping is being searched for. What I really want is for it to preserve and use the domain that was passed in rather than substituting it.
>>
>> CentOS 6.4 x64
>> Samba 4.1.0
>> Sssd 1.9.2
> Hi, I think that you are going to have to give us some more info here, smb.conf etc.
>
> Rowland

You posted 'I've set up samba4 to authenticate against a separate LDAP 
server', yet now you post that your samba4 server is running as an AD DC. 
I was expecting that you were running samba4 as an NT-style PDC.

Have you joined the Windows machines to your AD DC?

Rowland