[Samba] Aix 7.1 + Samba 3.60 + W2003 AD can not access shares

Rowland Penny rowlandpenny at googlemail.com
Thu Oct 23 06:07:31 MDT 2014


On 23/10/14 12:33, ORTEGA DOMINGUEZ, GONZALO wrote:
> Hello,
>
> I have installed and configured Samba 3.6.0 joining a Windows 2003
> server domain.
>
> wbinfo -u works fine but when I try to access a share I get the
> following error:
>
> Failed to find authenticated user  via getpwnam(), denying access
>
> AIX client is connecting to the DC over a VPN.
>
> This is my krb5.conf:
>
> [libdefaults]
>          default_realm = MYDOMAIN.COM
>          default_keytab_name = FILE:/etc/krb5/krb5.keytab
>          clockskew = 300
>
> [realms]
>          MYDOMAIN.COM = {
>                  kdc = dc.mydomain.com:88
>                  admin_server = dc.mydomain.com:749
>                  default_domain = MYDOMAIN.COM
>          }
>
> [domain_realm]
>          .mydomain.com = MYDOMAIN.COM
>          mydomain.com = MYDOMAIN.COM
>
> [logging]
>          kdc = FILE:/var/krb5/log/krb5kdc.log
>          admin_server = FILE:/var/krb5/log/kadmin.log
>          kadmin_local = FILE:/var/krb5/log/kadmin_local.log
>          default = FILE:/var/krb5/log/krb5lib.log
>
> And this is my smb.conf:
>
> [global]
>          workgroup = MYDOMAIN
>          realm = MYDOMAIN.COM
>          server string = AIXCLINT
>          netbios name = aixclient
>          encrypt passwords = yes
>          security = ads
>          log file = /var/log/samba/log.%m
>          dos filetime resolution = yes
>          debug level = 99
>          max log size = 1000
>          winbinduid = 30000-40000
>          winbindgid = 30000-40000

Just where did you get the above two lines from?

You need something like this:

         idmap config * : backend = tdb
         idmap config * : range = 2000-9999
         idmap config EXAMPLE : backend  = ad
         idmap config EXAMPLE : range = 10000-999999
         idmap config EXAMPLE : schema_mode = rfc2307

Rowland

>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind separator = +
>          winbind use default domain = yes
>          read only = No
>          lock directory = /var/locks/samba
>          password server = dc.mydomain.com
>          panic action = "/usr/bin/sleep 90000"
>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>          bind interfaces only = Yes
>          interfaces = en1
>          use sendfile = Yes
>          show add printer wizard = No
>
> [TMP]
>    comment = TMP
>    path = /tmp/MYUSER
>    valid users = "MYDOMAIN+MYUSER"
>
> The same configuration on an AIX 5.3 client in the LAN works fine.
>
> I have unjoined and joined to the domain with many changes in Kerberos
> and smb.conf but no success.
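
An offline check for the ID-mapping part of an smb.conf like the one in this thread, added here as an illustration; it is not code from the thread or from Samba. It flags the two parameters the reply questions and verifies that every `idmap config` domain has a backend and a range that does not overlap another domain's; the function names, finding strings and sample text are assumptions of the example.

```python
import re

# Constructed sample: the thread's two uid/gid lines plus the reply's idmap lines.
SAMPLE = """\
[global]
    winbinduid = 30000-40000
    winbindgid = 30000-40000
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : range = 10000-999999
    idmap config EXAMPLE : schema_mode = rfc2307
"""
QUESTIONED = {"winbinduid", "winbindgid"}  # the two lines the reply asks about
IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*(.+)")

def parse_global(text):
    """Return {parameter: value} for the [global] section, keys lower-cased."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(text):
    """Return sorted findings about the idmap settings (hypothetical checks)."""
    domains, findings, ranges = {}, [], []
    for key, value in parse_global(text).items():
        if key.replace(" ", "") in QUESTIONED:
            findings.append(f"questioned parameter: {key}")
        m = IDMAP_RE.fullmatch(key)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2)] = value
    for dom, opts in domains.items():
        findings += [f"{dom}: missing {o}" for o in ("backend", "range") if o not in opts]
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if m and int(m.group(1)) < int(m.group(2)):
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
        elif "range" in opts:
            findings.append(f"{dom}: bad range {opts['range']!r}")
    ranges.sort()
    for (_, hi, d1), (lo, _, d2) in zip(ranges, ranges[1:]):
        if lo <= hi:  # sorted by start, so any overlap shows up between neighbours
            findings.append(f"{d1} and {d2}: ranges overlap")
    return sorted(findings)
```

Calling `check_idmap(SAMPLE)` reports only the two questioned parameters, since the reply's ranges do not overlap.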


