[Samba] Samba Domain server authentication

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Apr 2 11:48:55 UTC 2018


Is this something that used to work but no longer does?

What are the results of the "net rpc testjoin" command on the samba server?

Is the domain controller also samba?


What does the "wbinfo -u" command show on the samba server? On my servers
it shows "DOMAINNAME\eachuser" but that is with "winbind trusted domains
only = No" and "winbind use default domain = No" set in smb.conf.

Does "getent passwd" show domain users?





On 04/02/18 06:21, Rob Thoman via samba wrote:
> Hi,
>
> We're having issues accessing shares from our Samba file server.
>
> If we try to access the share from a domain joined Windows machine, it
> prompts with enter username and password. If we supply the domain password
> it fails. The error that we get is the following.
> Failed to find a Unix account for peteruser 'lin\aadamson' (from session
> setup) not permitted to access this share (data)
> create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
>
> However, if we supply the pdcname\username and password it works, as per
> below
> [2018/03/29 20:04:07.754925,  5] auth/auth_util.c:111(make_user_info_map)
> Mapping user [lin-pdc]\[aaamson] from workstation [PC-WIN-001-AR]
>
> The server is joined to the Domain
>
> net rpc join -U tadmin
> Enter tadmin's password:
> Joined domain LIN.
>
> Here is
> /etc/nsswitch.conf
>
> #passwd:         compat
> #group:          compat
> #shadow:         compat
>
> passwd: files winbind
> group:  files winbind
> shadow: files winbind
>
> smb.conf
>
>          workgroup = LIN
>          netbios name = LINFS01
>          security = domain
>          obey pam restrictions = no
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999
>
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> wins server = 192.168.100.23
>
>          password server = lin-pdc
>
>   [homes]
>          comment = our home
>          create mask = 0700
>          directory mask = 0700
>          browseable = No
>          read only = No
>          path = %H/samba
>
> other shares are also defined.
>
> What could be the issue?
>
> Regards,
> RT
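
The "wbinfo -u" and "getent passwd" checks suggested in the reply can be compared mechanically. The script below is an added example, not part of either post or of Samba; the function names and the sample account lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare winbind's user list with what NSS can resolve.
# Function names and the sample data below are constructed for illustration.

# $1 = output of "wbinfo -u", $2 = output of "getent passwd".
# Prints each winbind user that has no passwd entry visible through NSS.
# A leading "DOMAIN\" is stripped and case is folded, so names match whether
# or not "winbind use default domain" is set.
missing_from_nss() {
    {
        printf '%s\n' "$2" | cut -d: -f1 | sed 's/^/N /'
        printf '%s\n' "$1" | sed 's/^/W /'
    } | awk '{
        tag = $1
        name = tolower(substr($0, 3))
        sub(/^.*\\/, "", name)
        if (name == "") next
        if (tag == "N") nss[name] = 1
        else if (!(name in nss) && !(name in seen)) { seen[name] = 1; print name }
    }'
}

# Prints one of:
#   no-winbind-users  wbinfo -u returned nothing (re-check "net rpc testjoin")
#   nss-gap           winbind lists users that getent passwd does not
#   ok                every winbind user is visible through NSS
classify() {
    if [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]; then
        echo "no-winbind-users"
    elif [ -n "$(missing_from_nss "$1" "$2")" ]; then
        echo "nss-gap"
    else
        echo "ok"
    fi
}

# Constructed sample: winbind knows two LIN users, NSS resolves only one.
WB_SAMPLE='LIN\aadamson
LIN\tadmin'
NSS_SAMPLE='root:x:0:0:root:/root:/bin/sh
LIN\tadmin:*:3000:3000::/home/LIN/tadmin:/bin/false'

classify "$WB_SAMPLE" "$NSS_SAMPLE"
missing_from_nss "$WB_SAMPLE" "$NSS_SAMPLE"

# On a live member server:
#   classify "$(wbinfo -u)" "$(getent passwd)"
```

"getent passwd" enumerates domain users only when "winbind enum users = yes" is set, as it is in the posted smb.conf.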




