[Samba] Regular users can't log in to Samba AD DC from Windows
Alnis Morics
alnis.moritz at gmail.com
Mon Feb 6 17:03:23 UTC 2017
On 02/06/2017 18:07, Rowland Penny via samba wrote:
> On Mon, 6 Feb 2017 17:09:27 +0200
> Alnis Morics via samba <samba at lists.samba.org> wrote:
>
>>
>> On 02/06/2017 16:36, Rowland Penny via samba wrote:
>>> On Mon, 6 Feb 2017 16:16:28 +0200
>>> Alnis Morics via samba <samba at lists.samba.org> wrote:
>>>
>>>>
>>>>
>>>> On 02/06/2017 15:43, Rowland Penny via samba wrote:
>>>>> On Mon, 6 Feb 2017 14:47:21 +0200
>>>>> Alnis Morics via samba <samba at lists.samba.org> wrote:
>>>>>
>>>>>> I see. But I don't necessarily need homedirs and hence PAM
>>>>>> configured just to log in from Windows and access a file share
>>>>>> from there, do I? Or even just to log in on Windows to the
>>>>>> domain.
>>>>>>
>>>>>> Alnis
>>>>>>
>>>>>
>>>>> If you only have windows users and they will never actually log
>>>>> into the Samba AD DC, then you don't need user homedirs on the DC.
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>
>>>> That's my main problem for now: single sign-on doesn't work. The
>>>> Windows machine is joined the domain. Domain Administrator can log
>>>> in with this Windows machine, and other users that I created with
>>>> samba-tool, can not. Can you suggest a way of how to trace what's
>>>> going on?
>>>>
>>>> Alnis
>>>>
>>>
>>> Not sure I understand what you are saying, do you want your users to
>>> connect to shares on the DC, or are you saying that your users
>>> cannot log into a windows PC joined to the domain ?
>>>
>>> Rowland
>>>
>> My (domain) users cannot log into a Windows PC joined to the domain.
>>
>> I created those users with samba-tool. Only the domain Administrator
>> can log into this Windows PC.
>>
>> Alnis
>>
>
> I seem to remember something about freebsd, what filesystem are you
> using and what were your ./config optiond when you built Samba ?
>
> Rowland
>
My filesystem is UFS (v.2), I enabled ACLs with:
tunefs -a enable <filesystem-device>
and placed the "rw,acls" options into fstab, although the "mount" showed
they are enabled even without that option in fstab.
Extended File Attributes are supported.
./configure options were "--without-systemd --man-dir=/usr/local/man"
Rowland, we were probably writing simultaneously, and you didn't notice
I wrote that I finally managed to log in with that user1. Either
passwords were messed up while I experimented with them (samba-tool user
password/setpassword) or firewall was in the way, or both.
Thanks for helping,
Alnis
More information about the samba
mailing list