[Samba] wbinfo -u / getent passwd not working
Rowland penny
rpenny at samba.org
Fri Jul 10 10:39:33 UTC 2020
On 10/07/2020 11:31, basti via samba wrote:
>
> On 10.07.20 12:25, Rowland penny via samba wrote:
>> On 10/07/2020 11:10, basti via samba wrote:
>>> Hello,
>>> i try to setup a linux laptop for homeoffice with login for ad users.
>>> The last few days it work like expected.
>>>
>>> today wbinfo -u return no user, getent passwd <username> also.
>>>
>>> wbinfo -a "SAMDOM\user"
>>> Enter SAMDOM\user's password:
>>> plaintext password authentication succeeded
>>> Enter SAMDOM\user's password:
>>> challenge/response password authentication succeeded
>>>
>>> wbinfo -D SAMDOM also works.
>>>
>>> laptop smb.conf:
>>>
>>> [global]
>>> security = ADS
>>> workgroup = SAMDOM
>>> realm = SAMDOM.EXAMPLE.COM
>>>
>>> log file = /var/log/samba/%m.log
>>> log level = 1
>>>
>>> winbind refresh tickets = Yes
>>> dedicated keytab file = /etc/krb5.keytab
>>> kerberos method = secrets and keytab
>>> winbind use default domain = yes
>>>
>>> load printers = no
>>> printing = bsd
>>> printcap name = /dev/null
>>> disable spoolss = yes
>>>
>>> # Default ID mapping configuration for local BUILTIN accounts
>>> # and groups on a domain member. The default (*) domain:
>>> # - must not overlap with any domain ID mapping configuration!
>>> # - must use an read-write-enabled back end, such as tdb.
>>> idmap config * : backend = tdb
>>> idmap config * : range = 1000-2000
>>>
>>> # idmap config for the SAMDOM domain
>>> # alf has uid 1006
>>> idmap config SAMDOM:backend = ad
>>> idmap config SAMDOM:schema_mode = rfc2307
>>> idmap config SAMDOM:range = 2001-999999
>>>
>>> template homedir = /home/%U
>>> template shell = /bin/bash
>>>
>>> client use spnego = yes
>>> client ntlmv2 auth = yes
>>> encrypt passwords = yes
>>> restrict anonymous = 2
>>>
>>> # fix dfs error's in log ?
>>> host msdfs = no
>>>
>>> # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>>> winbind offline logon = yes
>>> winbind cache time = 15768000
>>>
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>>
>>> cat /etc/krb5.conf
>>> [libdefaults]
>>> default_realm = SAMDOM.EXAMPLE.COM
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = true
>>>
>>>
>> What OS and version is this ?
> debian 10
>> What Samba version ?
> 2:4.9.5+dfsg-5+deb10u1
>
> only winbind installed.
So you only require authentication
Have you tried restarting winbind ?
Rowland
More information about the samba
mailing list