[Samba] wbinfo -u / getent passwd not working
basti
mailinglist at unix-solution.de
Fri Jul 10 10:31:44 UTC 2020
On 10.07.20 12:25, Rowland penny via samba wrote:
> On 10/07/2020 11:10, basti via samba wrote:
>> Hello,
>> i try to setup a linux laptop for homeoffice with login for ad users.
>> The last few days it work like expected.
>>
>> today wbinfo -u return no user, getent passwd <username> also.
>>
>> wbinfo -a "SAMDOM\user"
>> Enter SAMDOM\user's password:
>> plaintext password authentication succeeded
>> Enter SAMDOM\user's password:
>> challenge/response password authentication succeeded
>>
>> wbinfo -D SAMDOM also works.
>>
>> laptop smb.conf:
>>
>> [global]
>> security = ADS
>> workgroup = SAMDOM
>> realm = SAMDOM.EXAMPLE.COM
>>
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> winbind refresh tickets = Yes
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind use default domain = yes
>>
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # Default ID mapping configuration for local BUILTIN accounts
>> # and groups on a domain member. The default (*) domain:
>> # - must not overlap with any domain ID mapping configuration!
>> # - must use an read-write-enabled back end, such as tdb.
>> idmap config * : backend = tdb
>> idmap config * : range = 1000-2000
>>
>> # idmap config for the SAMDOM domain
>> # alf has uid 1006
>> idmap config SAMDOM:backend = ad
>> idmap config SAMDOM:schema_mode = rfc2307
>> idmap config SAMDOM:range = 2001-999999
>>
>> template homedir = /home/%U
>> template shell = /bin/bash
>>
>> client use spnego = yes
>> client ntlmv2 auth = yes
>> encrypt passwords = yes
>> restrict anonymous = 2
>>
>> # fix dfs error's in log ?
>> host msdfs = no
>>
>> # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>> winbind offline logon = yes
>> winbind cache time = 15768000
>>
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> cat /etc/krb5.conf
>> [libdefaults]
>> default_realm = SAMDOM.EXAMPLE.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>>
> What OS and version is this ?
debian 10
>
> What Samba version ?
2:4.9.5+dfsg-5+deb10u1
only winbind installed.
>
> Why are you using such low ID numbers, is your domain a classicupgraded
> one ?
yes
>
> Rowland
>
>
>
More information about the samba
mailing list