[Samba] Fwd: Re: Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Edouard Guigné
eguigne at pasteur-cayenne.fr
Wed Jun 19 15:00:16 UTC 2019
I realyze my mistake ...
"change the gid of domain users from 513 to *15513 *(to match with the
domain range 10000 - 14999)"
Very confused, I retest with 14513 and tell if is working.
-------- Message transféré --------
Sujet : Re: [Samba] Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2
authentication
Date : Wed, 19 Jun 2019 11:50:03 -0300
De : Edouard Guigné via samba <samba at lists.samba.org>
Répondre à : Edouard Guigné <eguigne at pasteur-cayenne.fr>
Pour : samba at lists.samba.org
Hello,
I performed a test in order to get access to my samba share with
winbindd (and not sssd).
For that,
1. I change the gid of domain users from 513 to 15513 (to match with the
domain range 10000 - 14999)
And verify my test user is part of 15513
2. Stop sssd and change nsswitch.conf like this :
/passwd: files winbind//
//shadow: files//
//group: files //winbind//
/
3. Restart winbindd and smb, with # net cache flush
Unfortunatly, I still cannot mount the share on my win7 test workstation.
In log, I found :
myw7worstation.log
/2019/06/19 11:15:15.806577, 1]
../source3/smbd/service.c:521(make_connection_snum)//
// create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
//[2019/06/19 11:15:25.288729, 1]
../source3/smbd/service.c:521(make_connection_snum)//
// create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
//[2019/06/19 11:17:04.348099, 1]
../source3/smbd/service.c:521(make_connection_snum)//
// create_connection_session_info failed: NT_STATUS_ACCESS_DENIED/
log.winbindd-idmap
/[2019/06/18 14:43:16.926952, 1]
../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
// tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit:
transaction error pending//
//[2019/06/18 14:43:16.926982, 1]
../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
// Error allocating a new GID//
//[2019/06/18 14:43:16.927123, 1]
../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
// tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit:
transaction error pending//
//[2019/06/18 14:43:16.927140, 1]
../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
// Error allocating a new GID//
//[2019/06/18 14:46:23.754692, 0]
../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)/
From my win7 test workstation, The samba share is mounted with a script
at logon, with the "net use" command, the command does not work
and when I try to mount the share manually (same syntax than the one in
the logon script), I get :
net use S: \\mysambaserver\groups /user:MYDOMAIN\usertest
"invalid password for \\mysambaserver\groups"
(I am sure of the password)
What could be wrong ?
In my smb.cnf, I set valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
Can be the reason ?
Edouard
Le 18/06/2019 à 17:06, Rowland penny via samba a écrit :
> On 18/06/2019 20:41, Edouard Guigné via samba wrote:
>> Is it possible to make start DOMAIN range from 500 instead of 10000 ?
> Classicupgrade ?
>>
>> I realized that all my gid are in range 500 to 600 and not in range
>> 10000 - 14999
> Looks like you are going to have to use 500 for your lower DOMAIN
> range start, but this will mean that you will not be able to have any
> local Unix users and could have problems with potential local system
> users or groups if their Unix ID is 500 or above.
>
>> I thought DOMAIN range 10000 - 14999 was reserved for DOMAIN users
>
> No, you can use the same range for groups and users, the user with ID
> '10000' will never be mistaken for the group with the ID '10000'
>
> Have you read these Samba wiki pages:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> https://wiki.samba.org/index.php/Idmap_config_ad
>
> Rowland
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list