[Samba] NT_STATUS_LOGON_FAILURE
Rowland penny
rpenny at samba.org
Wed Oct 23 16:31:24 UTC 2019
On 23/10/2019 17:17, Timothy Brewer via samba wrote:
> Hi,
> Since I don't have access to AD to add uidNumber & gidNumber attributes, I
> used the second idmap config set. I also reverified the net ads testjoin -
> Join is OK.
> Still can't ssh from domain accounts and can't *write to* the share from
> Win10 or Cent, but I *can* now see into it from Win10 or Cent.
> I think my remaining issues are outside Samba, but suggestions/advice still
> welcome.
>
> Reposting my current smb.conf for future use:
> # Global parameters
> [global]
> client signing = if_required
> local master = No
> log file = /var/log/samba/%m
> map to guest = Bad User
> preferred master = No
> realm = <domain.url>
> security = ADS
> template shell = /sbin/nologin
> winbind use default domain = Yes
> workgroup = <domain>
> idmap config <domain>:backend = rid
> idmap config <domain>:unix_nss_info = yes
> idmap config <domain>:range = 10000-600000
> idmap config * : range = 1000-2000
> idmap config * : backend = tdb
>
>
> [SHARES]
> guest ok = Yes
> map acl inherit = Yes
> path = /media/usb/SHARES
> read only = No
> vfs objects = acl_xattr
> acl_xattr:ignore system acls = Yes
>
Does 'getent passwd username' return a users info ?
Do the passwd & group lines in /etc/nsswitch.conf look similar to these:
passwd compat winbind
group compat winbind
Do you have libpam-krb5, libpam-winbind and libnss-winbind (or your OS's
version of them) installed ?
Rowland
More information about the samba
mailing list