[Samba] Key table name malformed
mj
lists at merit.unu.edu
Tue Apr 4 18:16:55 UTC 2017
Hi all,
On 04/04/2017 04:55 PM, lists via samba wrote:
>
> However: "getent passwd" does NOT work correctly:
>
>> user1:*:22185:513::/home/WRKGRP/user1:/bin/false
>> user2:*:29969:513::/home/WRKGRP/user2:/bin/false
>
> The uid/gid IS taken from AD, but homedirectory and shell are NOT the
> ones defined in AD. (making it look like the old samba 4.1 situation,
> where winbind took uid/gid from AD, but shell / homedirectory were from
> a template)
Reading the release notes for samba 4.6 on the member server, I have
solved the "getent passwd" issue.
It seems we need to specify in smb.conf:
idmap config WRKGRP:unix_nss_info = yes
And yes, after adding this, the home directory and shell are correctly
imported from AD.
However, the rest of the question remains: why does the domain join not
generate a krb5.keytab? The computer account IS created/visible in AD,
just the keytab is not generated.
And (probably as a result of that?) I cannot logon (ssh or console) as
an AD domain user:
> Apr 4 19:57:01 processing sshd[1159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54f.fth.concepts.com user=username
> Apr 4 19:57:01 processing sshd[1159]: pam_winbind(sshd:auth): getting password (0x00000388)
> Apr 4 19:57:01 processing sshd[1159]: pam_winbind(sshd:auth): pam_get_item returned a password
> Apr 4 19:57:02 processing sshd[1159]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4), NTSTATUS: NT_STATUS_CONNECTION_DISCONNECTED, Error message was: The transport connection is now disconnected.
> Apr 4 19:57:02 processing sshd[1159]: pam_winbind(sshd:auth): internal module error (retval = PAM_SYSTEM_ERR(4), user = 'username')
> Apr 4 19:57:04 processing sshd[1159]: Failed password for username from 84.3.2.25 port 36396 ssh2
> Apr 4 19:57:17 processing sshd[1159]: Connection closed by 84.3.2.25 [preauth]
Any suggestions?
More information about the samba
mailing list