[Samba] Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication

Edouard Guigné eguigne at pasteur-cayenne.fr
Wed Jun 19 15:55:04 UTC 2019 

The 2 commands works :
# getent passwd MYDOMAIN\\usertest
MYDOMAIN\\usertest:*:10430:14513:user TEST:/home/usertest:/bin/bash

# getent group MYDOMAIN\\"Utilisateurs du domaine"
MYDOMAIN\utilisateurs du domaine:x:14513:

I have to put "Utilisateurs du domaine" instead of Domain\ Users because 
the Windows AD is a french AD.


Le 19/06/2019 à 12:32, Rowland penny via samba a écrit :
> On 19/06/2019 16:16, Edouard Guigné via samba wrote:
>> So I re run the test with domain users gid 14513
>>
>> Still not working (sssd stopped, nsswitch.cnf with  "files winbind" 
>> for passwd group, # net cache flush + restart winbindd smb)
>>
>> On the samba server :
>> # wbinfo -i MYDOMAIN\usertest
>> MYDOMAIN\usertest:*:10430:*14513*:user TEST:/home/usertest:/bin/bash
>>
>> In log, I have :
>>
>> myw7worstation.log
>> /[2019/06/19 12:04:29.496822,  1] 
>> ../source3/smbd/service.c:521(make_connection_snum)//
>> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
>> //[2019/06/19 12:04:34.085421,  1] 
>> ../source3/smbd/service.c:521(make_connection_snum)//
>> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
>> //[2019/06/19 12:05:22.113816,  1] 
>> ../source3/smbd/service.c:521(make_connection_snum)//
>> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED//
>> //[2019/06/19 12:05:27.124307,  1] 
>> ../source3/smbd/service.c:521(make_connection_snum)//
>> //  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED/
>>
>> log.winbindd-idmap
>> /[2019/06/19 12:04:29.464431,  1] 
>> ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
>> //  tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit: 
>> transaction error pending//
>> //[2019/06/19 12:04:29.464460,  1] 
>> ../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
>> //  Error allocating a new GID//
>> //[2019/06/19 12:04:29.464606,  1] 
>> ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)//
>> //  tdb(/var/lib/samba/winbindd_idmap.tdb): tdb_transaction_commit: 
>> transaction error pending//
>> //[2019/06/19 12:04:29.464622,  1] 
>> ../source3/winbindd/idmap_tdb_common.c:138(idmap_tdb_common_allocate_id)//
>> //  Error allocating a new GID/
>>
>> And when I try to mount the share manually (same syntax than the one 
>> in the logon script), I get :
>> net use S: \\mysambaserver\groups /user:MYDOMAIN\usertest
>> "invalid password for \\mysambaserver\groups"
>> and System error 5
>>
>> In smb.cnf, I set valid users = @"utilisateurs du 
>> domaine at MYDOMAIN.LOCAL"
>> Can it be the reason ?
>>
>>
> Lets start again:
>
> Do your users have a uidNumber attribute ?
>
> If so, are the contents of these uidNumber attributes, numbers inside 
> '10000-14999' ?
>
> Does 'Domain Users' have a gidNumber attribute containing a number 
> inside '10000-14999' ?
>
> Does 'getent passwd <A_DOMAIN_USER>' return output ?
>
> Note: Replace '<A_DOMAIN_USER>' with a valid domain username, if you 
> do not have 'winbind use default domain = yes' in smb.conf, this will 
> be in the format 'DOMAIN\\username'
>
> Does 'getent group Domain\ Users' return output ?
>
> Rowland
>
>
>

More information about the samba mailing list