[Samba] Fwd: Re: Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication

Edouard Guigné eguigne at pasteur-cayenne.fr
Wed Jun 19 15:00:16 UTC 2019


I realyze my mistake ...

"change the gid of domain users from 513 to *15513 *(to match with the 
domain range 10000 - 14999)"

Very confused, I retest with 14513 and tell if is working.

-------- Message transféré --------
Sujet : 	Re: [Samba] Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 
authentication
Date : 	Wed, 19 Jun 2019 11:50:03 -0300
De : 	Edouard Guigné via samba <samba at lists.samba.org>
Répondre à : 	Edouard Guigné <eguigne at pasteur-cayenne.fr>
Pour : 	samba at lists.samba.org



Hello,

I performed a test in order to get access to my samba share with 
winbindd (and not sssd).

For that,

1. I change the gid of domain users from 513 to 15513 (to match with the 
domain range 10000 - 14999)
And verify my test user is part of 15513

2. Stop sssd and change nsswitch.conf like this :
/passwd:     files winbind//
//shadow:     files//
//group:      files //winbind//
/

3. Restart winbindd and smb, with # net cache flush

Unfortunatly, I still cannot mount the share on my win7 test workstation.

In log, I found :
myw7worstation.log
/2019/06/19 11:15:15.806577,  1] 
../source3/smbd/service.c:521(make_connection_snum)//
//  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
//[2019/06/19 11:15:25.288729,  1] 
../source3/smbd/service.c:521(make_connection_snum)//
//  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
//[2019/06/19 11:17:04.348099,  1] 
../source3/smbd/service.c:521(make_connection_snum)//
//  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED/

log.winbindd-idmap
/[2019/06/18 14:43:16.926952,  1] 
../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
//  tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit: 
transaction error pending//
//[2019/06/18 14:43:16.926982,  1] 
../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
//  Error allocating a new GID//
//[2019/06/18 14:43:16.927123,  1] 
../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
//  tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit: 
transaction error pending//
//[2019/06/18 14:43:16.927140,  1] 
../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
//  Error allocating a new GID//
//[2019/06/18 14:46:23.754692,  0] 
../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)/

 From my win7 test workstation, The samba share is mounted with a script 
at logon, with the "net use" command, the command does not work

and when I try to mount the share manually (same syntax than the one in 
the logon script), I get :
net use S: \\mysambaserver\groups /user:MYDOMAIN\usertest
"invalid password for \\mysambaserver\groups"

(I am sure of the password)

What could be wrong ?
In my smb.cnf, I set valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
Can be the reason ?

Edouard

Le 18/06/2019 à 17:06, Rowland penny via samba a écrit :
> On 18/06/2019 20:41, Edouard Guigné via samba wrote:
>> Is it possible to make start DOMAIN range from 500 instead of 10000 ?
> Classicupgrade ?
>>
>> I realized that all my gid are in range 500 to 600 and not in range 
>> 10000 - 14999
> Looks like you are going to have to use 500 for your lower DOMAIN 
> range start, but this will mean that you will not be able to have any 
> local Unix users and could have problems with potential local system 
> users or groups if their Unix ID is 500 or above.
>
>> I thought  DOMAIN range 10000 - 14999 was reserved for DOMAIN users
>
> No, you can use the same range for groups and users, the user with ID 
> '10000' will never be mistaken for the group with the ID '10000'
>
> Have you read these Samba wiki pages:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> Rowland
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list