[Samba] Samba Domain server authentication

Rob Thoman emailthomasrob at gmail.com
Mon Apr 2 22:44:46 UTC 2018


Hi,
The setup used to work when both file and AD were in the same box.
We're trying to separate them.

The 'net rpc testjoin' gives: Join to "LIN" is ok.

The wbinfo -u does list all users with "LIN\username". The getent passwd
lists the LIN\username with all the attributes. This is after putting in
your suggestions about winbind trusted domains only and use default domain
option.

Do I need to change anything on the PDC side? nsswitch?


On Mon, Apr 2, 2018 at 9:48 PM, Gaiseric Vandal via samba <
samba at lists.samba.org> wrote:

> Is this something that used to work but no longer does?
>
> What are the results of "net rpc testjoin" command on the samba server?
>
> Is the domain controller also samba?
>
>
> What does "wbinfo -u" command show on the samba server?    On my servers
> shows "DOMAINNAME\eachuser" but that is with  "winbind trusted domains only
> = No" and "winbind use default domain = No" set in smb.conf.
>
> Does "getent passwd" shows domain users?
>
>
>
>
>
>
> On 04/02/18 06:21, Rob Thoman via samba wrote:
>
>> Hi,
>>
>> We're having issues accessing shares from our Samba file server.
>>
>> If we try to access the share from a domain joined Windows machine, it
>> prompts with enter username and password. If we supply the domain password
>> it fails. The error that we get is the following.
>> Failed to find a Unix account for peteruser 'lin\aadamson' (from session
>> setup) not permitted to access this share (data)
>> create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
>>
>> However, if we  supply the pdcname\username and password it works, as per
>> below
>> [2018/03/29 20:04:07.754925,  5] auth/auth_util.c:111(make_user_info_map)
>> Mapping user [lin-pdc]\[aaamson] from workstation [PC-WIN-001-AR]
>>
>> The server is joined to the Domain
>>
>> net rpc join -U tadmin
>> Enter tadmin's password:
>> Joined domain LIN.
>>
>> Here is
>> /etc/nsswitch.conf
>>
>> #passwd:         compat
>> #group:          compat
>> #shadow:         compat
>>
>> passwd: files winbind
>> group:  files winbind
>> shadow: files winbind
>>
>> smb.conf
>>
>>          workgroup = LIN
>>          netbios name = LINFS01
>>          security = domain
>>          obey pam restrictions = no
>>         idmap config * : backend = tdb
>>         idmap config * : range = 3000-7999
>>
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> wins server = 192.168.100.23
>>
>>          password server = lin-pdc
>>
>>   [homes]
>>          comment = our home
>>          create mask = 0700
>>          directory mask = 0700
>>          browseable = No
>>          read only = No
>>          path = %H/samba
>>
>> other shares are also defined.
>>
>> What could be the issue?
>>
>> Regards,
>> RT
>>
>
>
>
>
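
The checks discussed in this thread ("wbinfo -u" and "getent passwd") can be compared mechanically to find domain users that winbind enumerates but NSS does not return, which is the condition behind "Failed to find a Unix account". The following is an added example, not part of the thread or of Samba; the function names, the "bjones" account and the sample command output are constructed for illustration.

```python
# Added example (not from the thread): cross-check `wbinfo -u` against `getent passwd`.
# Sample data below is constructed; "bjones" is a made-up account.

def split_name(name, separator="\\"):
    """Split 'DOMAIN\\user' into (domain, user), lower-cased; bare names get domain ''."""
    domain, sep, user = name.strip().rpartition(separator)
    return (domain.lower() if sep else "", user.lower())

def nss_names(getent_text):
    """Collect account names from passwd(5)-format lines (7 colon-separated fields)."""
    names = set()
    for line in getent_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[0]:
            names.add(split_name(fields[0]))
    return names

def unresolved_users(wbinfo_text, getent_text, default_domain=""):
    """Return winbind users that have no matching NSS passwd entry.

    default_domain: set to the workgroup when 'winbind use default domain = yes',
    so 'LIN\\user' and bare 'user' are treated as the same account.
    """
    nss = nss_names(getent_text)
    default_domain = default_domain.lower()
    missing = []
    for line in wbinfo_text.splitlines():
        if not line.strip():
            continue
        domain, user = split_name(line)
        candidates = {(domain, user)}
        if default_domain and domain in ("", default_domain):
            candidates |= {("", user), (default_domain, user)}
        if not candidates & nss:
            missing.append(line.strip())
    return sorted(missing)

# Constructed output of `wbinfo -u`
WBINFO = "LIN\\aadamson\nLIN\\bjones\nLIN\\tadmin\n"
# Constructed output of `getent passwd` (uids inside the 3000-7999 idmap range)
GETENT = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "LIN\\aadamson:*:3001:3000::/home/LIN/aadamson:/bin/false\n"
    "tadmin:*:3003:3000::/home/LIN/tadmin:/bin/false\n"
)

if __name__ == "__main__":
    print(unresolved_users(WBINFO, GETENT))
    print(unresolved_users(WBINFO, GETENT, default_domain="LIN"))
```

To use it on a real member server, pass the captured text of the two commands in place of the constructed samples; "getent passwd" only enumerates domain users when "winbind enum users = yes" is set, as it is in the smb.conf quoted above.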
