[Samba] help whith linux client on domain
jmpatagonia
jmpatagonia at gmail.com
Wed Jul 1 15:34:12 UTC 2020
Hello we have Samba Version 4.3.11, we are trying to logon linux desktop
clients on domain, we easy can join the client on the domain with net rpc
join -S 10.11.37.3 -U xxxxx it is satisfactory. We don't have kinit server.
Later we install libpam-winbind, winbind ,libnss-winbind and samba on the
client side.
Edit nsswitch.conf -->
passwd: compat winbind
group: compat winbind
shadow: compat winbind
edit smb.conf -> security = *domain .......*
edit /etc/pam.d/common-auth,/etc/pam.d/common-session,
edit /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
Problem:
The problem was when try try logon on desktop login console we use
domain\username and always get error "invalid password please try again"
--> /var/log/auth.log
Jul 1 12:29:10 samba-cliente lightdm: pam_winbind(lightdm:auth): user
'policia\gafranchello' granted access
Jul 1 12:29:10 samba-cliente lightdm: pam_unix(lightdm:account): could not
identify user (from getpwnam(gafranchello))
But if we use a user that it it is still created on the client desktop, and
use the domain password, work
Jul 1 12:31:26 samba-cliente lightdm: pam_winbind(lightdm:auth): getting
password (0x00000000)
Jul 1 12:31:30 samba-cliente lightdm: pam_winbind(lightdm:auth): user
'policia\jmperrote' granted access
Jul 1 12:31:30 samba-cliente lightdm: pam_unix(lightdm-greeter:session):
session closed for user lightdm
Jul 1 12:31:30 samba-cliente lightdm:
pam_kwallet(lightdm-greeter:session): pam_kwallet: pam_sm_close_session
Jul 1 12:31:30 samba-cliente lightdm:
pam_kwallet5(lightdm-greeter:session): pam_kwallet5: pam_sm_close_session
Jul 1 12:31:30 samba-cliente lightdm:
pam_kwallet(lightdm-greeter:setcred): pam_kwallet: pam_sm_setcred
Jul 1 12:31:30 samba-cliente lightdm:
pam_kwallet5(lightdm-greeter:setcred): pam_kwallet5: pam_sm_setcred
Jul 1 12:31:30 samba-cliente lightdm: pam_unix(lightdm:session): session
opened for user jmperrote by (uid=0)
Jul 1 12:31:30 samba-cliente systemd-logind[635]: New session c4 of user
jmperrote.
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm:session):
(null): pam_sm_open_session
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet(lightdm:session):
pam_kwallet: open_session called without kwallet_key
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm:session):
(null): pam_sm_open_session
Jul 1 12:31:30 samba-cliente lightdm: pam_kwallet5(lightdm:session):
pam_kwallet5: open_session called without kwallet5_key
Jul 1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The PKCS#11
component was already initialized
Jul 1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The SSH agent was
already initialized
Jul 1 12:31:34 samba-cliente gnome-keyring-daemon[5872]: The Secret
Service was already initialized
Jul 1 12:31:35 samba-cliente polkitd(authority=local): Registered
Authentication Agent for unix-session:c4 (system bus name :1.149
[/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object
path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Regards.
More information about the samba
mailing list