[Samba] Problems with authentication in Samba4
Marcio Demetrio Bacci
marciobacci at gmail.com
Tue Dec 1 16:45:48 UTC 2015
Hi,
I'm having problems to authenticate users with winbind. I'm implementing
Squid3 Server and this server is working properly. But I think there is a
problem with winbind (perhaps winbind separator), because when I put ^ as
separator, how in Domain^Users, the error message appeared:
root at proxy:~# *echo "bacci Domain^Users" | /usr/lib/squid3/wbinfo_group.pl
<http://wbinfo_group.pl>*
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name Domain^Users
failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
Could not convert sid to gid
ERR
But, when I put %20 as separator, how in Domain%20Users, the authentication
is OK.
root at proxy:~# *echo "bacci Domain%20Users" |
/usr/lib/squid3/wbinfo_group.pl <http://wbinfo_group.pl>*
OK
My environment is: Samba 4.2.1 on Debian 7.2 as DC
Samba 4.1.17 on Debian 7.2 and Squid 3.1 as Proxy.
Here is my smb.conf in Proxy Server (Member Server)
[global]
netbios name = DC1
workgroup = EMPRESA
security = ads
realm = EMPRESA.COM
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
preferred master = no
idmap config *:backend = tdb
idmap config *:range = 1000-3000
idmap config EMPRESA:backend = ad
idmap config EMPRESA:schema_mode = rfc2307
idmap config EMPRESA:range = 10000-9999999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
username map = /etc/samba/user.map
Is there any way to fix this problem in the Winbind?
More information about the samba
mailing list