[Samba] Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication

Rowland penny rpenny at samba.org
Wed Jun 19 15:32:20 UTC 2019 

On 19/06/2019 16:16, Edouard Guigné via samba wrote:
> So I re run the test with domain users gid 14513
>
> Still not working (sssd stopped, nsswitch.cnf with  "files winbind" 
> for passwd group, # net cache flush + restart winbindd smb)
>
> On the samba server :
> # wbinfo -i MYDOMAIN\usertest
> MYDOMAIN\usertest:*:10430:*14513*:user TEST:/home/usertest:/bin/bash
>
> In log, I have :
>
> myw7worstation.log
> /[2019/06/19 12:04:29.496822,  1] 
> ../source3/smbd/service.c:521(make_connection_snum)//
> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
> //[2019/06/19 12:04:34.085421,  1] 
> ../source3/smbd/service.c:521(make_connection_snum)//
> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
> //[2019/06/19 12:05:22.113816,  1] 
> ../source3/smbd/service.c:521(make_connection_snum)//
> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
> //[2019/06/19 12:05:27.124307,  1] 
> ../source3/smbd/service.c:521(make_connection_snum)//
> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED/
>
> log.winbindd-idmap
> /[2019/06/19 12:04:29.464431,  1] 
> ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
> //  tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit: 
> transaction error pending//
> //[2019/06/19 12:04:29.464460,  1] 
> ../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
> //  Error allocating a new GID//
> //[2019/06/19 12:04:29.464606,  1] 
> ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
> //  tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit: 
> transaction error pending//
> //[2019/06/19 12:04:29.464622,  1] 
> ../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
> //  Error allocating a new GID/
>
> And when I try to mount the share manually (same syntax than the one 
> in the logon script), I get :
> net use S: \\mysambaserver\groups /user:MYDOMAIN\usertest
> "invalid password for \\mysambaserver\groups"
> and System error 5
>
> In smb.cnf, I set valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
> Can it be the reason ?
>
>
Lets start again:

Do your users have a uidNumber attribute ?

If so, are the contents of these uidNumber attributes, numbers inside 
'10000-14999' ?

Does 'Domain Users' have a gidNumber attribute containing a number 
inside '10000-14999' ?

Does 'getent passwd <A_DOMAIN_USER>' return output ?

Note: Replace '<A_DOMAIN_USER>' with a valid domain username, if you do 
not have 'winbind use default domain = yes' in smb.conf, this will be in 
the format 'DOMAIN\\username'

Does 'getent group Domain\ Users' return output ?

Rowland

More information about the samba mailing list