[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Rowland penny
rpenny at samba.org
Tue Jun 18 18:34:01 UTC 2019
On 18/06/2019 19:02, Edouard Guigné via samba wrote:
> Hello,
>
> I mean that i added "winbind refresh tickets = yes" in smb.cnf, but
> does not seem to be link with my problem (Kerberos and NTLMv2
> authentication).
>
> After several test, without changing content of smb.conf (except for
> winbind refresh tickets = yes) :
>
> 0. nsswitch.conf
> passwd: files sss
> shadow: files sss
> group: files sss
>
> That's working (share is accessible from windows 7, permissions and
> acls working)
> But in in log, I see only NTLMv2 Auth
>
> 1. nsswitch.conf
> passwd: files winbind
> shadow: files
> group: files winbind
>
> That's not working (share is not accessible from windows 7, access
> denied)
>
> 2. nsswitch.conf
> passwd: files sss winbind
> shadow: files sss
> group: files sss winbind
>
> not working (share is accessible but it take time to see permissions
> acls from security tab on windows 7)
>
You are using the winbind 'ad' backend according to the smb.conf you
posted earlier, have you given your AD users a uidNumber attribute
containing a unique number inside the ' 10000-14999' range ? and have
you also given 'Domain Users' a gidNumber attribute containing a number
inside the same range ?
Do you really want to use a different primary group for your Unix users
over Samba (when they connect to a Samba share) ?
If not, remove 'idmap config MYDOMAIN : unix_primary_group = yes'
If all the above is correct, it should work.
Rowland
More information about the samba
mailing list