[Samba] Windows pre-requisites for login with winbind?

A. James Lewis james at fsck.co.uk
Mon Aug 21 15:37:03 UTC 2017


OK, obviously I am slightly sanitising the output here, but I'm preserving the case, and just replacing local names with generic ones as I did for the config.

# more /etc/hostname
hostname01

# more /etc/hosts
127.0.0.1   localhost
127.0.1.1   hostname01

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

# more /etc/resolv.conf
search domain.local
nameserver 10.0.3.1

# more /etc/nsswitch.conf 
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
# 

James

August 21, 2017 3:54 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:

> On Mon, 21 Aug 2017 14:32:16 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
> 
>> Also, I see the following repeated in syslog:-
>> 
>> ==> syslog <==
>> Aug 21 15:25:41 hostname01 winbindd[691]: [2017/08/21 15:25:41.438959, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
>> Aug 21 15:25:41 hostname01 winbindd[691]: Kinit for HOSTNAME01$@DOMAIN.LOCAL to access cifs/LOCAL_AD02.domain.local@DOMAIN.LOCAL failed: Cannot contact any KDC for requested realm
>> 
>> When one of the suspect users tries to log in I get:-
>> 
>> ==> auth.log <==
>> Aug 21 15:25:14 op-sdes-dsk01 su[690]: No passwd entry for user 'username'
>> Aug 21 15:25:14 op-sdes-dsk01 su[690]: FAILED su for username by root
>> Aug 21 15:25:14 op-sdes-dsk01 su[690]: - ??? root:username
>> 
>> However, other AD users do work correctly.
>> 
>> This is Samba 4.5.8 BTW...
> 
> OK, can you post the following files:
> 
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/nsswitch.conf
> 
> Rowland
> 

--
A. James Lewis (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."


