[Samba] Key table name malformed

mj lists at merit.unu.edu
Tue Apr 4 18:16:55 UTC 2017


Hi all,

On 04/04/2017 04:55 PM, lists via samba wrote:
>
> However: "getent passwd" does NOT work correctly:
>
>> user1:*:22185:513::/home/WRKGRP/user1:/bin/false
>> user2:*:29969:513::/home/WRKGRP/user2:/bin/false
>
> The uid/gid IS taken from AD, but homedirectory and shell are NOT the
> ones defined in AD. (making it look like the old samba 4.1 situation,
> where winbind took uid/gid from AD, but shell / homedirectory were from
> a template)

Reading the release notes for samba 4.6 on the member server, I have 
solved the "getent passwd" issue.

It seems we need to specify in smb.conf:

idmap config WRKGRP:unix_nss_info = yes

And yes, after adding this, the home directory and shell are correctly 
imported from AD.

However, the rest of the question remains: why does the domain join not 
generate a krb5.keytab? The computer account IS created/visible in AD, 
just the keytab is not generated.

And (probably as a result of that?) I cannot log on (ssh or console) as 
an AD domain user:

> Apr  4 19:57:01 processing sshd[1159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54f.fth.concepts.com  user=username
> Apr  4 19:57:01 processing sshd[1159]: pam_winbind(sshd:auth): getting password (0x00000388)
> Apr  4 19:57:01 processing sshd[1159]: pam_winbind(sshd:auth): pam_get_item returned a password
> Apr  4 19:57:02 processing sshd[1159]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4), NTSTATUS: NT_STATUS_CONNECTION_DISCONNECTED, Error message was: The transport connection is now disconnected.
> Apr  4 19:57:02 processing sshd[1159]: pam_winbind(sshd:auth): internal module error (retval = PAM_SYSTEM_ERR(4), user = 'username')
> Apr  4 19:57:04 processing sshd[1159]: Failed password for username from 84.3.2.25 port 36396 ssh2
> Apr  4 19:57:17 processing sshd[1159]: Connection closed by 84.3.2.25 [preauth]

Any suggestions?


