[Samba] Problems to authenticate Ubuntu 14 on Samba4

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Dec 28 22:54:44 UTC 2015


I'm using Ubuntu 14.04-64 bits

I had installed with apt-get the follows packages


krb5-user krb5-config winbind samba samba-common smbclient cifs-utils
libpam-krb5 libpam-winbind libnss-winbind

The samba version is 4.1.16-Ubuntu

Below are my files of configuration

*/etc/samba/smb.conf*
[global]
  netbios name = cliente-ad192
  workgroup = EMPRESA
  security = ads
  realm = EMPRESA.COM
  password server = 192.196.40.1
  encrypt passwords = yes
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab
  preferred master = no
  idmap config *:backend = tdb
  idmap config *:range = 1000-3000
  idmap config EMPRESA:backend = ad
  idmap config EMPRESA:schema_mode = rfc2307
  idmap config EMPRESA:range = 10000-9999999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind refresh tickets = yes
  template homedir = /home/%D/%U
  template shell = /bin/bash
  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes
  username map = /etc/samba/user.map



*/etc/krb5.conf*
[libdefaults]
default_realm = EMPRESA.COM

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
EMPRESA.COM = {
kdc = DC1.EMPRESA.COM
admin_server = DC1.EMPRESA.COM
}

[domain_realm]
.empresa.com = EMPRESA.COM
empresa.com = EMPRESA.COM

[login]
krb4_convert = true
krb4_get_tickets = false



*/etc/resolv.conf*
nameserver 192.168.40.1
search empresa.com


*/etc/hosts*127.0.0.1    localhost
127.0.1.1    cliente-ad192.empresa.com    cliente-ad192
192.168.40.2    cliente-ad192.empresa.com    cliente-ad192
192.168.40.1    dc1.empresa.comdc1


*/etc/nsswitch.conf*
passwd:compat
group:compat
shadow:compat
hosts:files mdns4_minimal [NOTFOUND=return] dns
networks:files
protocols:      db files
services:db files
ethers:db files
rpc:db files
netgroup:nis


*/etc/pam.d/common-session*
session [default=1]pam_permit.so
session requisitepam_deny.so
session requiredpam_permit.so
session optionalpam_umask.so
session optionalpam_krb5.so minimum_uid=1000
session requiredpam_unix.so
session optionalpam_winbind.so
session optionalpam_systemd.so


*/usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf *
[SeatDefaults]
user-session=ubuntu
greeter-show-manual-login=true



*/usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf *
[SeatDefaults]
allow-guest=false
greeter-show-remote-login=false
greeter-show-manual-login=true
greeter-session=unity-greeter


Thanks

2015-12-28 19:29 GMT-02:00 Rowland penny <rpenny at samba.org>:

> On 28/12/15 21:10, Marcio Demetrio Bacci wrote:
>
>> Hi,
>>
>> I have saw many tutorials to ingress Ubuntu 14 in the Samba4 domain, but
>> none worked properly. I put the Ubuntu workstation in the Domain, but when
>> I try to login, appear the following messenge:
>>
>> "your password will be expire in 42 days"
>>
>> and does not permit the authentication.
>>
>> How can I configure correctly Ubuntu 14 workstation to authenticate in the
>> Samba 4 domain?
>>
>>
>> Thanks
>>
>> Márcio Bacci
>>
>
> Hi, you are going to have to give us more info before we can help you,
> smb.conf, etc/resolv.conf, /etc/krb5.conf etc
> Also what packages have you installed with the Samba packages.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list