[Samba] Share authentication problem
Sascha Wiechmann
swiechmann at escoor.de
Thu Apr 19 08:08:12 UTC 2018
Hi @ll !
I am trying to set up a samba fileserver in SuSe 42.3 as domain member
in a debian based Samba4 AD. The join seems to be ok, as I can get
wbinfo -u and -g, and getent group and passwd.
I can also list all browsable shares with smbclient -L \\SambaFS
-Uusername, but when I add -k, I get the following errors:
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/Samba1 failed
(next[(null)]): NT_STATUS_INVALID_PARAMETER
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER
----------------------------------------------------------------------------------------
So I bought a book from Stefan Kania for Samba4 in AD that I worked
through site to site - but I do not get access to shares for the domain
members except the domain admin. Windows prompts for user authentication.
The "profiles" share works perfectly and is owned by the same gid as the
other "general" share is. I would like to use Windows rights management
for the shares in future. Some information:
Samba1:/ # getent passwd mjackson
mjackson:*:1001113:10013::/home/SAMDOM/mjackson:/bin/false
Samba1:/ # ls -ln /home/samba
total 4
drwxrws---+ 2 10003 10013 23 Apr 19 09:45 domdata

Samba1:/ # ls -lh /home/samba
total 4.0K
drwxrws---+ 2 administrator domain users 23 Apr 19 09:45 domdata
and another one for the working profiles share:
Samba1:/home # ls -lh
total 4.0K
drwxrwx--T 3 root domain users 27 Apr 17 10:46 profile
drwxrwsr-x 3 administrator domain users 25 Apr 18 10:37 samba
drwxr-xr-x 19 samba1 users 4.0K Apr 19 08:56 samba1

Samba1:/home # ls -ln
total 4
drwxrwx--T 3 0 10013 27 Apr 17 10:46 profile
drwxrwsr-x 3 10003 10013 25 Apr 18 10:37 samba
drwxr-xr-x 19 1000 100 4096 Apr 19 08:56 samba1
---------------------------------------------------------------------------
Samba1:/ # smbclient -L \\Samba1 -Umjackson
WARNING: The "idmap gid" option is deprecated <------- what is the
actual way? :)
WARNING: The "idmap uid" option is deprecated
lp_load_ex: changing to config backend registry
WARNING: The "idmap gid" option is deprecated
WARNING: The "idmap uid" option is deprecated
Enter SAMDOM\mjackson's password:
OS=[Windows 6.1] Server=[Samba
4.6.13-git.72.2a684235f4112.1-SUSE-SLE_12-x86_64]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba
4.6.13-git.72.2a684235f4112.1-SUSE-SLE_12-x86_64)
domData Disk Famous domdata
test2 Disk tester
OS=[Windows 6.1] Server=[Samba
4.6.13-git.72.2a684235f4112.1-SUSE-SLE_12-x86_64]
Server Comment
--------- -------
Workgroup Master
--------- -------
WORKGROUP SOMEPC
smb.conf :
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\global]
"idmap gid"="10000-20000"
"idmap uid"="10000-20000"
"usershare allow guests"="No"
"workgroup"="SAMDOM"
"template homedir"="/home/%D/%U"
"winbind refresh tickets"="yes"
"netbios name"="Samba1"
"wins support"="Yes"
"winbind enum users"="yes"
"winbind enum groups"="yes"
"winbind use default domain"="yes"
"idmap config * : range"="10000 - 19999"
"idmap config SAMDOM: backend"="rid"
"idmap config SAMDOM : range"="1000000 - 1999999"
"store dos attributes"="yes"
"vfs objects"="acl_xattr"
"hide unreadable"="yes"
"security"="ads"
"realm"="SAMDOM.TEST"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\Admin-Share]
"browseable"="no"
"read only"="no"
"path"="/home/samba"
"comment"="AdminShare"
"guest ok"="no"
"inherit acls"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\profile]
"guest ok"="no"
"browseable"="no"
"read only"="no"
"profile acls"="yes"
"comment"="User Profile"
"path"="/home/profile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\domData]
"path"="/home/samba/domdata/"
"comment"="Famous domdataLW"
"guest ok"="no"
"read only"="no"
Any help is much appreciated, thanks in advance!
br
Sascha
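
Added example (not part of the original post, and not Samba code): a small Python check that reads the idmap lines from the registry-style export quoted above, lists the deprecated options that smbclient warns about, and reports which configured idmap range each UID/GID from the getent and ls -ln output falls into. The function names are hypothetical and the sample input is a constructed subset of the posted configuration.

```python
import re

# Constructed sample: the idmap-related [global] lines from the export in the post.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\global]
"idmap gid"="10000-20000"
"idmap uid"="10000-20000"
"idmap config * : range"="10000 - 19999"
"idmap config SAMDOM: backend"="rid"
"idmap config SAMDOM : range"="1000000 - 1999999"
"security"="ads"
'''

KV = re.compile(r'^"([^"]+)"="([^"]*)"$')
IDMAP = re.compile(r'^idmap config\s+(\S+?)\s*:\s*(\w+)$')
DEPRECATED = {"idmap uid", "idmap gid"}  # the two options the tool warns about

def parse_idmap(text):
    """Return (domains, deprecated): per-domain idmap options and deprecated keys seen."""
    domains, deprecated = {}, []
    for line in text.splitlines():
        m = KV.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key in DEPRECATED:
            deprecated.append(key)
            continue
        im = IDMAP.match(key)
        if im:
            dom, opt = im.group(1).upper(), im.group(2)
            if opt == "range":
                lo, hi = (int(x) for x in value.split("-"))
                value = (lo, hi)
            domains.setdefault(dom, {})[opt] = value
    return domains, deprecated

def owner_domain(unix_id, domains):
    """Name of the idmap domain whose range contains unix_id, or None."""
    for dom, opts in domains.items():
        lo, hi = opts.get("range", (1, 0))  # empty range if none configured
        if lo <= unix_id <= hi:
            return dom
    return None

if __name__ == "__main__":
    doms, dep = parse_idmap(SAMPLE)
    print("deprecated options:", dep)
    # IDs taken from the getent / ls -ln output in the post
    for label, n in [("uid mjackson", 1001113), ("uid administrator", 10003),
                     ("gid domain users", 10013)]:
        print(f"{label} = {n}: in range of idmap domain {owner_domain(n, doms)!r}")
```

With the posted values, mjackson's UID falls in the SAMDOM (rid) range, while the UID and GID that own the share directories fall in the default "*" range.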