[Samba] Problems with authentication in Samba4

Marcio Demetrio Bacci marciobacci at gmail.com
Tue Dec 1 16:45:48 UTC 2015


I'm having problems to authenticate users with winbind. I'm implementing
Squid3 Server and this server is working properly. But I think there is a
problem with winbind (perhaps winbind separator), because when I put ^ as
separator, how in Domain^Users, the error message appeared:

root at proxy:~# *echo "bacci Domain^Users" | /usr/lib/squid3/wbinfo_group.pl
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name Domain^Users
failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
Could not convert sid  to gid

But, when I put %20 as separator, how in Domain%20Users, the authentication
is OK.

root at proxy:~# *echo "bacci Domain%20Users" |
/usr/lib/squid3/wbinfo_group.pl <http://wbinfo_group.pl>*

My environment is: Samba 4.2.1 on Debian 7.2 as DC
Samba 4.1.17 on Debian 7.2 and Squid 3.1 as Proxy.

Here is my smb.conf in Proxy Server (Member Server)

  netbios name = DC1
  workgroup = EMPRESA
  security = ads
  realm = EMPRESA.COM
  encrypt passwords = yes
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab
  preferred master = no
  idmap config *:backend = tdb
  idmap config *:range = 1000-3000
  idmap config EMPRESA:backend = ad
  idmap config EMPRESA:schema_mode = rfc2307
  idmap config EMPRESA:range = 10000-9999999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind refresh tickets = yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes
  username map = /etc/samba/user.map

Is there any way to fix this problem in the Winbind?

More information about the samba mailing list