[Samba] Share authentication problem
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 19 08:54:40 UTC 2018
OK, please post the smb.conf of both servers and tell us the Samba versions.
You have a misconfiguration in these.
> WARNING: The "idmap gid" option is deprecated
> WARNING: The "idmap uid" option is deprecated
^^^^^^^^^^^^^^^^^^^^^^^^^^^
> "idmap gid"="10000-20000"
> "idmap uid"="10000-20000"
You need something like this example.
# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
## map IDs outside the domain to tdb files.
idmap config * : backend = tdb
idmap config * : range = 2000-9999
## map IDs from the domain; its range and the (*) range may not overlap!
idmap config NTDOM : backend = ad
idmap config NTDOM : schema_mode = rfc2307
idmap config NTDOM : range = 10000-3999999
## these two depend on how you use Samba (4.6+).
#idmap config NTDOM : unix_nss_info = yes
#idmap config NTDOM : unix_primary_group = yes
If that's fixed, my first guess would be...
You use: smbclient -L \\SambaFS -Uusername
You should use: smbclient -L \\FQDN -Uusername
And depending on the samba/smbclient versions, add -mSMB1
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Sascha Wiechmann via samba
> Sent: Thursday 19 April 2018 10:08
> To: samba at lists.samba.org
> Subject: [Samba] Share authentication problem
>
> Hi @ll !
>
> I am trying to set up a Samba fileserver on SuSe 42.3 as a domain member
> in a Debian-based Samba4 AD. The join seems to be OK, as I can get
> /wbinfo -u/ and /-g/, and /getent group/ and /passwd/.
> I can also list all browsable shares with /smbclient -L \\SambaFS
> -Uusername/, but when I add -k, I get the following errors:
>
> /SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/Samba1 failed
> (next[(null)]): NT_STATUS_INVALID_PARAMETER//
> //SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT//
> //session setup failed: NT_STATUS_INVALID_PARAMETER/
>
> /-------------------------------------------------------------
> ---------------------------/
>
> So I bought a book from Stefan Kania for Samba4 in AD that I worked
> through site to site - but I do not get access to shares for the domain
> members except the domain admin. Windows prompts for user
> authentication.
> The "profiles" share works perfectly and is owned by the same gid as the
> other "general" share is. I would like to use Windows Rightsmanagement
> for the shares in future. Some information:
>
> /Samba1:/ # getent passwd mjackson//
> //mjackson:*:1001113:10013::/home/SAM//DOM///mjackson:/bin/false/
>
> /Samba1:/ # ls -ln /home/samba
> total 4
> drwxrws---+ 2 10003 10013 23 Apr 19 09:45 domdata
> /
>
> /Samba1:/ # ls -lh /home/samba
> total 4.0K
> drwxrws---+ 2 administrator domain users 23 Apr 19 09:45 //domdata/
>
> and another one for the working profiles share:
>
> /Samba1:/home # ls -lh
> total 4.0K
> drwxrwx--T 3 root domain users 27 Apr 17
> 10:46 profile
> drwxrwsr-x 3 administrator domain users 25 Apr 18 10:37 samba
> drwxr-xr-x 19 samba1 users 4.0K Apr 19 08:56 samba1
> /
>
> /Samba1:/home # ls -ln
> total 4
> drwxrwx--T 3 0 10013 27 Apr 17 10:46 profile
> drwxrwsr-x 3 10003 10013 25 Apr 18 10:37 samba
> drwxr-xr-x 19 1000 100 4096 Apr 19 08:56 samba1/
>
> --------------------------------------------------------------
> -------------
>
> S/amba1:/ # smbclient -L \\Samba1 -Umjackson/
> WARNING: The "idmap gid" option is deprecated <------- what is the
> actual way? :)
> WARNING: The "idmap uid" option is deprecated
> lp_load_ex: changing to config backend registry
> WARNING: The "idmap gid" option is deprecated
> WARNING: The "idmap uid" option is deprecated
> Enter SAMDOM\mjackson's password:
> OS=[Windows 6.1] Server=[Samba
> 4.6.13-git.72.2a684235f4112.1-SUSE-SLE_12-x86_64]
>
> Sharename Type Comment
> --------- ---- -------
> IPC$ IPC IPC Service (Samba
> 4.6.13-git.72.2a684235f4112.1-SUSE-SLE_12-x86_64)
> domData Disk Famous domdata
> test2 Disk tester
> OS=[Windows 6.1] Server=[Samba
> 4.6.13-git.72.2a684235f4112.1-SUSE-SLE_12-x86_64]
>
> Server Comment
> --------- -------
>
> Workgroup Master
> --------- -------
> WORKGROUP SOMEPC
>
> smb.conf :
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\global]
> "idmap gid"="10000-20000"
> "idmap uid"="10000-20000"
> "usershare allow guests"="No"
> "workgroup"="SAMDOM"
> "template homedir"="/home/%D/%U"
> "winbind refresh tickets"="yes"
> "netbios name"="Samba1"
> "wins support"="Yes"
> "winbind enum users"="yes"
> "winbind enum groups"="yes"
> "winbind use default domain"="yes"
> "idmap config * : range"="10000 - 19999"
> "idmap config SAMDOM: backend"="rid"
> "idmap config SAMDOM : range"="1000000 - 1999999"
> "store dos attributes"="yes"
> "vfs objects"="acl_xattr"
> "hide unreadable"="yes"
> "security"="ads"
> "realm"="SAMDOM.TEST"
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\Admin-Share]
> "browseable"="no"
> "read only"="no"
> "path"="/home/samba"
> "comment"="AdminShare"
> "guest ok"="no"
> "inherit acls"="yes"
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\profile]
> "guest ok"="no"
> "browseable"="no"
> "read only"="no"
> "profile acls"="yes"
> "comment"="User Profile"
> "path"="/home/profile"
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\domData]
> "path"="/home/samba/domdata/"
> "comment"="Famous domdataLW"
> "guest ok"="no"
> "read only"="no"
>
> Any help is much appreciated, thanks in advance!
>
> br
>
> Sascha
>
>
>
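Added example, not part of either message and not Samba project code: a small checker for the idmap points raised in the reply above. It flags the deprecated "idmap uid"/"idmap gid" options, tests the "idmap config" ranges for overlap, and reports which configured range a numeric uid/gid from the getent and ls -ln output falls into. The function names are hypothetical, and the sample input is constructed from the values quoted in this thread.

```python
import re

# Constructed sample: the idmap-related [global] values quoted in this thread,
# in the registry-export form ("key"="value") the original poster used.
SAMPLE = '''
"idmap gid"="10000-20000"
"idmap uid"="10000-20000"
"idmap config * : range"="10000 - 19999"
"idmap config SAMDOM: backend"="rid"
"idmap config SAMDOM : range"="1000000 - 1999999"
'''

LINE = re.compile(r'^\s*"?([^"=]+?)"?\s*=\s*"?([^"]*?)"?\s*$')
IDMAP = re.compile(r'^idmap config\s+(.+?)\s*:\s*(.+)$', re.I)
RANGE = re.compile(r'^(\d+)\s*-\s*(\d+)$')
DEPRECATED = {"idmap uid", "idmap gid"}

def parse_idmap(text):
    """Return (sorted deprecated option names, {domain: (low, high)})."""
    deprecated, ranges = set(), {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if raw.lstrip().startswith(("#", ";", "[")) or not m:
            continue  # comments, section headers, lines without key = value
        key = " ".join(m.group(1).split())  # collapse irregular spacing
        if key.lower() in DEPRECATED:
            deprecated.add(key.lower())
        im, rm = IDMAP.match(key), RANGE.match(m.group(2).strip())
        if im and rm and im.group(2).lower() == "range":
            ranges[im.group(1)] = (int(rm.group(1)), int(rm.group(2)))
    return sorted(deprecated), ranges

def overlaps(ranges):
    """Pairs of idmap domains whose ID ranges intersect (they must be disjoint)."""
    names = sorted(ranges)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def owner(ranges, xid):
    """Name of the idmap domain whose range contains a numeric uid/gid, or None."""
    return next((d for d, (lo, hi) in ranges.items() if lo <= xid <= hi), None)

if __name__ == "__main__":
    dep, rng = parse_idmap(SAMPLE)
    print("deprecated options:", dep)
    print("overlapping ranges:", overlaps(rng))
    for xid in (1001113, 10013, 10003):  # uid/gids from the getent and ls -ln output
        print(xid, "->", owner(rng, xid))
```

The parser accepts both the registry-export form and plain smb.conf "key = value" lines, so the same check can be run on the output of testparm -s.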