[Samba] Cannot share folders access denied PDC+LDAP.
Alberto Moreno
portsbsd at gmail.com
Fri Jun 3 00:30:01 UTC 2016
Hi, it is time to get help.
I have a DOMAIN with samba3.6.23-9.el5_11 CentOS 5.11 x64
Windows XP/Win7/Win8.1 on the domain, no issues (x32/x64).
I even have 2 Linux CentOS 5.x x64 machines in my domain.
Now I have added 1 CentOS 6.x x64, updated.
Samba 3.6.23-35.el6_8
I set up the LDAP client on this server to get users/groups and added it to
my domain with net rpc join, no issue.
I can see the server on my domain, no issue; the problem starts when I set up
my shared folders and some users.
Public folders are no problem; the problem is when I use usernames that have
an uppercase first letter.
For some strange reason it cannot talk very well with my LDAP server.
Case 1: upper and lower case.
SERVER GOOD:
[root@servera ~]# id Test
uid=1062(test) gid=513(Domain Users) groups=513(Domain Users)
[root@aervera ~]# id test
uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw)
[root@servera ~]#
Test or test returns info.
Now let's test the SERVER-BAD:
[root@mbx-server2 opt]# id test
uid=1062(test) gid=513(Domain Users) groups=513(Domain Users),10001(pvsw)
[root@mbx-server2 opt]# id Test
id: Test: No such user
[root@mbx-server2 opt]#
test is different from Test.
Now, what happens on my domain?
I have some users that appear like this on Windows:
Notadmin.
I set up my share:
[nasa]
path = /opt/it
writeable = Yes
public = No
guest ok = No
valid users = test, Notadmin, dflores
create mode = 0770
directory mode = 0770
force group = itmbx
force create mode = 0770
force directory mode = 0770
admin users = root Notadmin
The user Notadmin cannot access this share.
I checked the settings, but I use the same as the other servers, some new
flags but nothing that caught my attention:
[global]
workgroup = MYDOMAIN
netbios name = mbx-server2
hosts allow = 192.168.2., 192.168.1., 127., 192.168.20., 192.168.30., 192.168.40., 192.168.50.
hosts deny = 0.0.0.0
smb ports = 139 445
lanman auth = Yes
client lanman auth = Yes
security = DOMAIN
encrypt passwords = yes
syslog = 1
log level = 1
log file = /var/log/samba/%m.%U.log
max log size = 2048
socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384
name resolve order = wins bcast hosts lmhost
username map = /etc/samba/usermap
domain logons = No
domain master = No
local master = No
preferred master = No
wins server = 192.168.2.24
idmap config * : backend = ldap
idmap config * : range = 10000-20000
logon path =
logon home =
display charset = LOCALE
unix charset = UTF-8
dos charset = CP850
client ipc signing = auto
map to guest = Bad User
load printers = No
show add printer wizard = No
use sendfile = Yes
map readonly = no
case sensitive = No
dns proxy = No
winbind separator = +
What SAMBA-BAD says in the logs:
[2016/05/31 09:24:48.856147, 3] ../libcli/auth/ntlmssp_server.c:348(ntlmssp_server_preauth)
  Got user=[Notadmin] domain=[MYDOMAIN] workstation=[MBX-WIN8R1PM] len1=24 len2=288
[2016/05/31 09:24:48.856641, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [MYDOMAIN\[Notadmin]@[MBX-WIN8R1PM] with the new password interface
[2016/05/31 09:24:48.856751, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: mapped user is: [MYDOMAIN]\[Notadmin]@[MBX-WIN8R1PM]
[2016/05/31 09:24:48.864733, 3] auth/auth_util.c:1087(check_account)
  Failed to find authenticated user MYDOMAIN\Notadmin via getpwnam(), denying access.
[2016/05/31 09:24:48.864888, 2] auth/auth.c:330(check_ntlm_password)
  check_ntlm_password: Authentication for user [Notadmin] -> [Notadmin] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/05/31 09:24:48.864935, 3] smbd/sesssetup.c:63(do_map_to_guest)
Any recommendation will be appreciated, thanks!!!
--
Living the dream...
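
Added example, not part of the original message and not Samba code: a small check that repeats the `id Test` / `id test` comparison above for every name listed in a share. It reads the `valid users` and `admin users` lines of a share definition and reports each name whose exact-case getpwnam() lookup fails while the lower-case lookup succeeds. The function names and the sample text are assumptions made for illustration.

```python
import pwd
import re

def share_users(smb_conf_text, keys=("valid users", "admin users")):
    """Collect plain user names from the given smb.conf parameters."""
    names = []
    for line in smb_conf_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() not in keys:
            continue
        # Names are split on commas/whitespace; quoted names with spaces
        # are not handled in this sketch.
        for name in re.split(r"[,\s]+", value.strip()):
            # Skip empty tokens and group syntax (@group, +group, &group).
            if name and name[0] not in "@+&" and name not in names:
                names.append(name)
    return names

def nss_lookup(name):
    """True if getpwnam() resolves the name exactly as spelled."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

def classify(names, lookup=nss_lookup):
    """Map each name to 'ok', 'case-mismatch' or 'missing'."""
    result = {}
    for name in names:
        if lookup(name):
            result[name] = "ok"
        elif lookup(name.lower()):
            # Same symptom as `id Test` failing while `id test` works.
            result[name] = "case-mismatch"
        else:
            result[name] = "missing"
    return result

# Constructed sample: the user lines of the [nasa] share from the post.
SAMPLE_SHARE = """[nasa]
path = /opt/it
valid users = test, Notadmin, dflores
admin users = root Notadmin
"""

if __name__ == "__main__":
    for user, state in classify(share_users(SAMPLE_SHARE)).items():
        print(f"{user}: {state}")
```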