[Samba] Failed to find authenticated user via getpwnam(), denying access

Krutskikh Ivan stein.hak at gmail.com
Wed May 20 13:18:33 MDT 2015


The problem was due to missing winbind symlinks in openSUSE 13.1/13.2.

It's fixed with:

ln -s /usr/lib64/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2



2015-05-20 20:50 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>:

> Hi,
>
>
> I'm trying a basic setup: Samba 4.2 on a VM as an AD DC, a Linux server as a DC
> member with Samba shares, and Win 7 as an AD member and Samba client.
>
> Unix attrs are assigned, Windows auth and Linux kinit work OK. But when I
> try to access the Samba share from Windows I get the error above in my log.smb:
>
>   check_ntlm_password:  Checking password for unmapped user
> [KURSK]\[video]@[EVENT] with the new password interface
> [2015/05/20 19:52:36.319290,  3]
> ../source3/auth/auth.c:180(auth_check_ntlm_password)
>   check_ntlm_password:  mapped user is: [KURSK]\[video]@[EVENT]
> [2015/05/20 19:52:36.319324,  4]
> ../source3/smbd/sec_ctx.c:216(push_sec_ctx)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2015/05/20 19:52:36.319351,  4] ../source3/smbd/uid.c:485(push_conn_ctx)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2015/05/20 19:52:36.319376,  4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2015/05/20 19:52:36.326815,  4] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2015/05/20 19:52:36.327565,  3]
> ../source3/auth/auth_util.c:1247(check_account)
>   Failed to find authenticated user KURSK\video via getpwnam(), denying
> access.
> [2015/05/20 19:52:36.327620,  2]
> ../source3/auth/auth.c:288(auth_check_ntlm_password)
>   check_ntlm_password:  Authentication for user [video] -> [video] FAILED
> with error NT_STATUS_NO_SUCH_USER
>
>
> What am I missing here?
>
> Linux AD member smb.conf:
>
> [global]
>
>    workgroup = KURSK
>    security = ADS
>    realm = KURSK.MTT
>    server role = member server
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>
>    log level = 4
>
>
>    idmap config *:backend = tdb
>    idmap config *:range = 2000-9999
>    idmap config KURSK:backend = ad
>    idmap config KURSK:schema_mode = rfc2307
>    idmap config KURSK:range = 10000-99999
>
>    winbind nss info = rfc2307
>    winbind trusted domains only = no
>    winbind use default domain = yes
>    winbind enum users  = yes
>    winbind enum groups = yes
>    winbind refresh tickets = Yes
>    winbind expand groups = 4
>    winbind normalize names = Yes
>    domain master = no
>    local master = no
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
> [demoshare]
>    path = /archive/video
>    read only = no
>
>
> krb5.conf :
>
> [libdefaults]
>         default_realm = KURSK.MTT
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>         clockskew = 300
> [domain_realm]
>         .kursk.mtt = KURSK.MTT
> [realms]
>          KURSK.MTT = {
>                 kdc = debian-dc.kursk.mtt
>                 default_domain = kursk.mtt
>                 admin_server = debian-dc.kursk.mtt
>         }
> [appdefaults]
> pam = {
>         ticket_lifetime = 1d
>         renew_lifetime = 1d
>         forwardable = true
>         proxiable = false
>         minimum_uid = 1
>         clockskew = 300
>         external = sshd
>         use_shmem = sshd
> }
> [logging]
>         kdc = FILE:/var/log/krb5.log
>         kdc = SYSLOG:INFO
>         default = SYSLOG:UNFO:USER
>
>
> /etc/nsswitch.conf :
>
>
> #passwd: compat
> #group:  compat
>
> passwd: compat winbind
> group:  compat winbind
> shadow: files winbind
>
>
>
> hosts:          files mdns_minimal [NOTFOUND=return] dns
> networks:       files dns
>
> services:       files
> protocols:      files
> rpc:            files
> ethers:         files
> netmasks:       files
> netgroup:       files nis
> publickey:      files
>
> bootparams:     files
> automount:      files nis
> aliases:        files
>
>
>
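
An added diagnostic sketch (not part of the original thread or of Samba) for the failure discussed above: it checks that winbind is listed for passwd and group in nsswitch.conf and that the glibc NSS module for it, libnss_winbind.so.2, resolves to a real file rather than being absent or a dangling symlink. The function names, the root-prefix argument and the NSS_LIBDIRS override are assumptions made for this example; the default directories are the ones named in the fix plus /lib and /usr/lib.

```shell
#!/bin/sh
# Added example: why getpwnam() cannot see winbind users.
# glibc loads the service "winbind" from a library named libnss_winbind.so.2.

# Print the services configured for one NSS database (passwd, group, ...).
nss_services() {  # $1 = root prefix ("" = live system), $2 = database
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1/etc/nsswitch.conf" |
        sed 's/#.*//' | tr '\n\t' '  '
}

# Print the first usable libnss_winbind.so.2; warn about dangling symlinks.
find_nss_winbind() {  # $1 = root prefix
    # Directory list is an assumption; override with NSS_LIBDIRS if needed.
    for d in ${NSS_LIBDIRS:-/lib64 /usr/lib64 /lib /usr/lib}; do
        f="$1$d/libnss_winbind.so.2"
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "dangling symlink: $f" >&2
        elif [ -f "$f" ]; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

# Return 0 = OK, 1 = winbind not in nsswitch.conf, 2 = module not found.
check_nss_winbind() {  # $1 = root prefix
    missing=0
    for db in passwd group; do
        case " $(nss_services "$1" "$db") " in
            *" winbind "*) ;;
            *) echo "$db: winbind not listed in nsswitch.conf" >&2; missing=1 ;;
        esac
    done
    [ "$missing" -eq 0 ] || return 1
    find_nss_winbind "$1" >/dev/null || {
        echo "winbind configured but libnss_winbind.so.2 not found" >&2
        return 2
    }
}

# Run against the live system only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then check_nss_winbind ""; fi
```

A return code of 2 corresponds to the situation in this thread: nsswitch.conf is correct, but the module is not where the loader looks, so lookups for domain users return nothing.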