[Samba] wbinfo -u / getent passwd not working
basti
mailinglist at unix-solution.de
Fri Jul 10 10:10:29 UTC 2020
Hello,
i try to setup a linux laptop for homeoffice with login for ad users.
The last few days it work like expected.
today wbinfo -u return no user, getent passwd <username> also.
wbinfo -a "SAMDOM\user"
Enter SAMDOM\user's password:
plaintext password authentication succeeded
Enter SAMDOM\user's password:
challenge/response password authentication succeeded
wbinfo -D SAMDOM also works.
laptop smb.conf:
[global]
security = ADS
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
log file = /var/log/samba/%m.log
log level = 1
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 1000-2000
# idmap config for the SAMDOM domain
# alf has uid 1006
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 2001-999999
template homedir = /home/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
# fix dfs error's in log ?
host msdfs = no
# https://wiki.samba.org/index.php/PAM_Offline_Authentication
winbind offline logon = yes
winbind cache time = 15768000
winbind enum users = yes
winbind enum groups = yes
cat /etc/krb5.conf
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
More information about the samba
mailing list