[Samba] NT_STATUS_LOGON_FAILURE
Rowland penny
rpenny at samba.org
Wed Oct 23 15:43:29 UTC 2019
On 23/10/2019 16:16, Timothy Brewer via samba wrote:
> Hi,
> I disabled SSSD and made the suggested changes to my smb.conf. Now Win10
> says "Windows cannot access <path>". I can no longer ssh to the server -
> permission denied error.
>
>
OK, have you added any uidNumber & gidNumber attributes to AD, if so
your 'idmap config' block (based on what you posted earlier) should be:
idmap config * : backend=tdb
idmap config * : range=1000-2000
idmap config SAMBADOM : backend = ad
idmap config SAMBADOM : range = 10000-600000
idmap config SAMBADOM : schema_mode =rfc2307
idmap config SAMBADOM : unix_nss_info = yes
idmap config SAMBADOM : unix_primary_group = yes
Just as long as the uidNumber & gidNumber attributes contain numbers
inside the '10000-600000' range AND 'Domain Users' has a gidNumber
If you haven't added any uidNumber & gidNumber attributes, then you need
to use this:
idmap config * : backend=tdb
idmap config * : range=1000-2000
idmap config SAMBADOM : backend = rid
idmap config SAMBADOM : range = 10000-600000
You would need to run 'net cache flush'
I would also test the join with 'net ads testjoin'
Rowland
More information about the samba
mailing list