[Samba] Aix 7.1 + Samba 3.60 + W2003 AD can not access shares
Rowland Penny
rowlandpenny at googlemail.com
Thu Oct 23 06:07:31 MDT 2014
On 23/10/14 12:33, ORTEGA DOMINGUEZ, GONZALO wrote:
> Hello,
>
> I have installed and configured Samba 3.6.0 joining a Windows 2003
> server domain.
>
> wbinfo -u works fine but when I try to access a share I get the
> following error:
>
> Failed to find authenticated user via getpwnam(), denying access
>
> AIX client is connecting the DC over a VPN.
>
> This is my krb5.conf:
>
> [libdefaults]
> default_realm = MYDOMAIN.COM
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> clockskew = 300
>
> [realms]
> MYDOMAIN.COM = {
> kdc = dc.mydomain.com:88
> admin_server = dc.mydomain.com:749
> default_domain = MYDOMAIN.COM
> }
>
> [domain_realm]
> .mydomain.com = MYDOMAIN.COM
> mydomain.com = MYDOMAIN.COM
>
> [logging]
> kdc = FILE:/var/krb5/log/krb5kdc.log
> admin_server = FILE:/var/krb5/log/kadmin.log
> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
> default = FILE:/var/krb5/log/krb5lib.log
>
> And this is my smb.conf:
>
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN.COM
> server string = AIXCLINT
> netbios name = aixclient
> encrypt passwords = yes
> security = ads
> log file = /var/log/samba/log.%m
> dos filetime resolution = yes
> debug level = 99
> max log size = 1000
> winbinduid = 30000-40000
> winbindgid = 30000-40000

Just where did you get the above two lines from?
You need something like this:

idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config EXAMPLE : backend = ad
idmap config EXAMPLE : range = 10000-999999
idmap config EXAMPLE : schema_mode = rfc2307

Rowland

> winbind enum users = Yes
> winbind enum groups = Yes
> winbind separator = +
> winbind use default domain = yes
> read only = No
> lock directory = /var/locks/samba
> password server = dc.mydomain.com
> panic action = "/usr/bin/sleep 90000"
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> bind interfaces only = Yes
> interfaces = en1
> use sendfile = Yes
> show add printer wizard = No
>
> [TMP]
> comment = TMP
> path = /tmp/MYUSER
> valid users = "MYDOMAIN+MYUSER"
>
> The same configuration on an AIX 5.3 client in the LAN works fine.
>
> I have unjoined and joined to the domain with many changes in Kerberos
> and smb.conf but no success.
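
An added example, not part of the original thread and not Samba's own code: a Python check that flags the older-style ID-range parameters questioned in the reply and verifies that `idmap config` ranges do not overlap, since overlapping ranges can map two different accounts to the same Unix ID. It assumes Samba compares parameter names ignoring case and whitespace; `audit_idmap`, `POSTED` and `SUGGESTED` are names made up here, and the sample inputs are constructed from lines quoted in the thread.

```python
import re

# Older-style ID-range parameter names, normalized (lowercase, whitespace removed).
LEGACY = {"winbinduid", "winbindgid", "idmapuid", "idmapgid"}
IDMAP = re.compile(r"idmapconfig(.+):(backend|range|schema_mode)$")

def audit_idmap(text):
    """Return (legacy names, per-domain idmap options, overlapping range pairs)."""
    legacy, domains, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = (p.strip() for p in line.split("=", 1))
        key = re.sub(r"\s+", "", name).lower()  # assumption: names compare this way
        if key in LEGACY:
            legacy.append(name)
        m = IDMAP.match(key)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2)] = value
    # Sort ranges by lower bound; any overlap shows up between neighbours.
    ranges = sorted((*map(int, o["range"].split("-")), d)
                    for d, o in domains.items() if "range" in o)
    overlaps = [(a[2], b[2]) for a, b in zip(ranges, ranges[1:]) if b[0] <= a[1]]
    return legacy, domains, overlaps

# Constructed sample inputs, built from the lines quoted in this thread.
POSTED = """[global]
security = ads
winbinduid = 30000-40000
winbindgid = 30000-40000
"""
SUGGESTED = """[global]
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config EXAMPLE : backend = ad
idmap config EXAMPLE : range = 10000-999999
idmap config EXAMPLE : schema_mode = rfc2307
"""

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, audit_idmap(text))
```
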