[Samba] Make Samba4 ignore domain prefix on share logon
Jakub Veselý
happy at gjh.sk
Sun Aug 16 18:57:54 UTC 2015
Okay so it does work from smbclient, however I still can't get windows 10
to auth without prefix. Will try tommorow (CEST) at work on windows 7 one.
S pozdravom,
Jakub Veselý
Správca siete GJH
Novohradská 3, 82109 Bratislava
02/210 28 328
2015-08-16 20:56 GMT+02:00 Jakub Veselý <happy at gjh.sk>:
> Never mind I am an idiot. I have been experimenting with passwords and was
> writing the wrong one after edit. It DOES work from smb client.
>
> S pozdravom,
>
> Jakub Veselý
> Správca siete GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 20:51 GMT+02:00 Jakub Veselý <happy at gjh.sk>:
>
>> Edited smb.conf to match yours and restarted both smbd and winbind. Did
>> not work. Tried to smbclient from another server: session setup failed:
>> NT_STATUS_LOGON_FAILURE. Our member server is also running Ubuntu 14.04 and
>> Samba-4.1.6 (I might have mistakenly wirtten it was 4.1.7 in original
>> email, dont remember now). Domain Users do have gid and users have uids.
>>
>>
>> S pozdravom,
>>
>> Jakub Veselý
>> Správca siete GJH
>> Novohradská 3, 82109 Bratislava
>> 02/210 28 328
>>
>> 2015-08-16 20:35 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>>
>>> On 16/08/15 16:55, Jakub Veselý wrote:
>>>
>>>> I am trying to log in with my domain credentials, that are valid,
>>>> because when I prefix the login it succeeds.
>>>>
>>>> S pozdravom,
>>>>
>>>> Jakub Veselý
>>>> Správca siete GJH
>>>> Novohradská 3, 82109 Bratislava
>>>> 02/210 28 328
>>>>
>>>> 2015-08-16 17:46 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com
>>>> <mailto:rowlandpenny241155 at gmail.com>>:
>>>>
>>>> On 16/08/15 16:38, Jakub Veselý wrote:
>>>>
>>>> Unfortunately 'map untrusted to domain = yes' did not help, I
>>>> still keep
>>>> getting wrong username or password error while accessing the
>>>> share. I do
>>>> have 'winbind use default domain = yes' in the configuration,
>>>> but seem to
>>>> have no effect on windows either. I am trying it from windows
>>>> 10 PC that is
>>>> not joined to domain, could the os be an issue?
>>>>
>>>> Jakub Vesely
>>>>
>>>>
>>>> possibly, but you are trying to connect as a user that just
>>>> doesn't exist (i.e. a user from outside the domain), you may need
>>>> to use 'map to Bad User', but as I said, post your smb.conf
>>>>
>>>>
>>>> Rowland
>>>>
>>>>
>>>> -- To unsubscribe from this list go to the following URL and
>>>> read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>>
>>> OK, I tried to login from a VM that isn't connected to my domain with a
>>> domain user to a share on a member server and it works, the share is owned
>>> by root:Domain Users with 0775 permissions
>>>
>>> My smb.conf is very similar to yours with the addition of these lines:
>>>
>>> dedicated keytab file = /etc/krb5.keytab
>>> kerberos method = secrets and keytab
>>> winbind expand groups = 4
>>> winbind refresh tickets = Yes
>>> winbind normalize names = Yes
>>>
>>> I do not have these lines:
>>>
>>> winbind trusted domains only = no
>>> map untrusted to domain = yes
>>>
>>> The share stanza is just this:
>>>
>>> [testshare]
>>> path = /home/share
>>> read only = no
>>>
>>> The command I used on the VM is this:
>>>
>>> smbclient \\\\computer.example.com\\testshare -U rowland%password
>>>
>>> The member server is running Linux Mint 17 (aka Ubuntu 14.04) with samba
>>> 4.1.6
>>>
>>> My users have a uidNumber and Domain Users has a gidNumber.
>>>
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
More information about the samba
mailing list