[Samba] UPN authentication for windows 2003 server
John Hixson
john at ixsystems.com
Tue Mar 10 23:49:47 MDT 2015
Hi,
When samba is joined to a 2k3 domain, UPN authentication does not work. It
works using smbclient, but not from a workstation that is not part of
the domain. I can reproduce this easily and provide logs and tcpdump's if
necessary. The same problem does not occur when samba is joined to 2k8
or 2k12 domains. Is this by design? Am I missing something?
- John
-------------- next part --------------
[global]
username map = /usr/local/etc/smbusers
server max protocol = SMB2
interfaces = 127.0.0.1 10.42.0.84
bind interfaces only = yes
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 117191
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = guest
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
dfree command = /usr/local/libexec/samba/dfree
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
domain logons = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
netbios name = BUGFIX
netbios aliases = FOOFOO
workgroup = 2K3
realm = WIN2K3.DIVINIX.ORG
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind nss info = rfc2307
idmap config 2K3: backend = ad
idmap config 2K3: range = 10000-90000000
idmap config 2K3: schema mode = rfc2307
allow trusted domains = no
client ldap sasl wrapping = plain
template shell = /bin/sh
template homedir = /home/%U
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 10
[homes]
valid users = %U
path = /mnt/vol0/HOME1/%U
comment = Home Directories
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
shadow:format = auto-%Y%m%d.%H%M-2w
shadow:snapdirseverywhere = yes
vfs objects = shadow_copy2 zfsacl
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
[OPEN]
path = /mnt/vol0/OPEN
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
shadow:format = auto-%Y%m%d.%H%M-2w
shadow:snapdirseverywhere = yes
vfs objects = shadow_copy2 zfsacl
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
[SUBOPEN]
path = /mnt/vol0/OPEN/SUBOPEN
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
shadow:format = auto-%Y%m%d.%H%M-2w
shadow:snapdirseverywhere = yes
vfs objects = shadow_copy2 zfsacl
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
[share1]
path = /mnt/vol0/share1
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = zfsacl
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
[share2]
path = /mnt/vol0/share2
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = zfsacl
hide dot files = yes
guest ok = yes
guest only = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
More information about the samba
mailing list