[Samba] Make Samba4 ignore domain prefix on share logon
Rowland Penny
rowlandpenny241155 at gmail.com
Sun Aug 16 19:01:48 UTC 2015
On 16/08/15 19:57, Jakub Veselý wrote:
> Okay so it does work from smbclient, however I still can't get windows
> 10 to auth without prefix. Will try tommorow (CEST) at work on windows
> 7 one.
>
> S pozdravom,
>
> Jakub Veselý
> Správca siete GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 20:56 GMT+02:00 Jakub Veselý <happy at gjh.sk
> <mailto:happy at gjh.sk>>:
>
> Never mind I am an idiot. I have been experimenting with passwords
> and was writing the wrong one after edit. It DOES work from smb
> client.
>
> S pozdravom,
>
> Jakub Veselý
> Správca siete GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 20:51 GMT+02:00 Jakub Veselý <happy at gjh.sk
> <mailto:happy at gjh.sk>>:
>
> Edited smb.conf to match yours and restarted both smbd and
> winbind. Did not work. Tried to smbclient from another server:
> session setup failed: NT_STATUS_LOGON_FAILURE. Our member
> server is also running Ubuntu 14.04 and Samba-4.1.6 (I might
> have mistakenly wirtten it was 4.1.7 in original email, dont
> remember now). Domain Users do have gid and users have uids.
>
>
> S pozdravom,
>
> Jakub Veselý
> Správca siete GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328
>
> 2015-08-16 20:35 GMT+02:00 Rowland Penny
> <rowlandpenny241155 at gmail.com
> <mailto:rowlandpenny241155 at gmail.com>>:
>
> On 16/08/15 16:55, Jakub Veselý wrote:
>
> I am trying to log in with my domain credentials, that
> are valid, because when I prefix the login it succeeds.
>
> S pozdravom,
>
> Jakub Veselý
> Správca siete GJH
> Novohradská 3, 82109 Bratislava
> 02/210 28 328 <tel:02%2F210%2028%20328>
>
> 2015-08-16 17:46 GMT+02:00 Rowland Penny
> <rowlandpenny241155 at gmail.com
> <mailto:rowlandpenny241155 at gmail.com>
> <mailto:rowlandpenny241155 at gmail.com
> <mailto:rowlandpenny241155 at gmail.com>>>:
>
> On 16/08/15 16:38, Jakub Veselý wrote:
>
> Unfortunately 'map untrusted to domain = yes'
> did not help, I
> still keep
> getting wrong username or password error while
> accessing the
> share. I do
> have 'winbind use default domain = yes' in the
> configuration,
> but seem to
> have no effect on windows either. I am trying
> it from windows
> 10 PC that is
> not joined to domain, could the os be an issue?
>
> Jakub Vesely
>
>
> possibly, but you are trying to connect as a user
> that just
> doesn't exist (i.e. a user from outside the
> domain), you may need
> to use 'map to Bad User', but as I said, post your
> smb.conf
>
>
> Rowland
>
>
> -- To unsubscribe from this list go to the
> following URL and read the
> instructions:
> https://lists.samba.org/mailman/options/samba
>
>
>
> OK, I tried to login from a VM that isn't connected to my
> domain with a domain user to a share on a member server
> and it works, the share is owned by root:Domain Users with
> 0775 permissions
>
> My smb.conf is very similar to yours with the addition of
> these lines:
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind expand groups = 4
> winbind refresh tickets = Yes
> winbind normalize names = Yes
>
> I do not have these lines:
>
> winbind trusted domains only = no
> map untrusted to domain = yes
>
> The share stanza is just this:
>
> [testshare]
> path = /home/share
> read only = no
>
> The command I used on the VM is this:
>
> smbclient \\\\computer.example.com
> <http://computer.example.com>\\testshare -U rowland%password
>
> The member server is running Linux Mint 17 (aka Ubuntu
> 14.04) with samba 4.1.6
>
> My users have a uidNumber and Domain Users has a gidNumber.
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and
> read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>
Don't worry about it, we all have off days :-)
Rowland
More information about the samba
mailing list