[Samba] Make Samba4 ignore domain prefix on share logon

Rowland Penny rowlandpenny241155 at gmail.com
Sun Aug 16 19:01:48 UTC 2015


On 16/08/15 19:57, Jakub Veselý wrote:
> Okay so it does work from smbclient, however I still can't get windows
> 10 to auth without prefix. Will try tomorrow (CEST) at work on windows
> 7 one.
>
> Best regards,
>
> Jakub Veselý
> Network administrator, GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 20:56 GMT+02:00 Jakub Veselý <happy at gjh.sk>:
>
>     Never mind I am an idiot. I have been experimenting with passwords
>     and was writing the wrong one after edit. It DOES work from smb
>     client.
>
>     Best regards,
>
>     Jakub Veselý
>     Network administrator, GJH
>     Novohradská 3, 82109 Bratislava
>     02/210 28 328
>
>     2015-08-16 20:51 GMT+02:00 Jakub Veselý <happy at gjh.sk>:
>
>         Edited smb.conf to match yours and restarted both smbd and
>         winbind. Did not work. Tried to smbclient from another server:
>         session setup failed: NT_STATUS_LOGON_FAILURE. Our member
>         server is also running Ubuntu 14.04 and Samba-4.1.6 (I might
>         have mistakenly written it was 4.1.7 in original email, don't
>         remember now). Domain Users do have gid and users have uids.
>
>
>         Best regards,
>
>         Jakub Veselý
>         Network administrator, GJH
>         Novohradská 3, 82109 Bratislava
>         02/210 28 328
>
>         2015-08-16 20:35 GMT+02:00 Rowland Penny
>         <rowlandpenny241155 at gmail.com>:
>
>             On 16/08/15 16:55, Jakub Veselý wrote:
>
>                 I am trying to log in with my domain credentials, that
>                 are valid, because when I prefix the login it succeeds.
>
>                 Best regards,
>
>                 Jakub Veselý
>                 Network administrator, GJH
>                 Novohradská 3, 82109 Bratislava
>                 02/210 28 328
>
>                 2015-08-16 17:46 GMT+02:00 Rowland Penny
>                 <rowlandpenny241155 at gmail.com>:
>
>                     On 16/08/15 16:38, Jakub Veselý wrote:
>
>                         Unfortunately 'map untrusted to domain = yes'
>                         did not help, I still keep getting wrong
>                         username or password error while accessing the
>                         share. I do have 'winbind use default domain =
>                         yes' in the configuration, but seem to have no
>                         effect on windows either. I am trying it from
>                         windows 10 PC that is not joined to domain,
>                         could the os be an issue?
>
>                         Jakub Vesely
>
>
>                     possibly, but you are trying to connect as a user
>                     that just doesn't exist (i.e. a user from outside
>                     the domain), you may need to use 'map to Bad User',
>                     but as I said, post your smb.conf
>
>
>                     Rowland
>
>
>                     --
>                     To unsubscribe from this list go to the following
>                     URL and read the instructions:
>                     https://lists.samba.org/mailman/options/samba
>
>
>
>             OK, I tried to login from a VM that isn't connected to my
>             domain with a domain user to a share on a member server
>             and it works, the share is owned by root:Domain Users with
>             0775 permissions
>
>             My smb.conf is very similar to yours with the addition of
>             these lines:
>
>                     dedicated keytab file = /etc/krb5.keytab
>                     kerberos method = secrets and keytab
>                     winbind expand groups = 4
>                     winbind refresh tickets = Yes
>                     winbind normalize names = Yes
>
>             I do not have these lines:
>
>               winbind trusted domains only = no
>               map untrusted to domain = yes
>
>             The share stanza is just this:
>
>             [testshare]
>                     path = /home/share
>                     read only = no
>
>             The command I used on the VM is this:
>
>             smbclient \\\\computer.example.com\\testshare -U rowland%password
>
>             The member server is running Linux Mint 17 (aka Ubuntu
>             14.04) with samba 4.1.6
>
>             My users have a uidNumber and Domain Users has a gidNumber.
>
>
>             Rowland
>
>
>
>
>

Don't worry about it, we all have off days :-)

Rowland


