[Samba] auth problems
Piviul
piviul at riminilug.it
Thu Nov 24 14:53:40 UTC 2022
On 11/24/22 15:45, Rowland Penny via samba wrote:
>
>
> On 24/11/2022 13:28, Piviul via samba wrote:
>> ...I forgot to say that the samba version of the PDC is 4.10.16
>
> What, you are running an nt4-style domain ?
> Or do you mean an AD DC is running 4.10.16 ?
yes, I mean AD DC is running 4.10.16
>>> this is testparm:
>>>
>>> root at serverdati:~# du -sh /home/shares/DAE/
>>> ^G^C
>>> root at serverdati:~# testparm
>>> Load smb config files from /etc/samba/smb.conf
>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>>> (16384)
>>> Processing section "[homes]"
>>> [...]
>>> Loaded services file OK.
>>> WARNING: You have some share names that are longer than 12 characters.
>>> These may not be accessible to some older clients.
>>> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
>>> Server role: ROLE_DOMAIN_MEMBER
>>> Press enter to see a dump of your service definitions
>>>
>>> [global]
>>> workgroup = DOMINIOCSA
>>> realm = AD.CSARICERCHE.COM
>>> server string = %h server (Samba, Debian)
>>> security = ADS
>>> map to guest = Bad User
>>> obey pam restrictions = Yes
>>> pam password change = Yes
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> usershare allow guests = Yes
>>> panic action = /usr/share/samba/panic-action %d
>>> template shell = /bin/bash
>>> winbind enum users = Yes
>>> winbind enum groups = Yes
>>> winbind refresh tickets = Yes
>>> idmap config DOMINIOCSA : range = 10000-99999
>>> idmap config DOMINIOCSA : backend = rid
>>> idmap config * : range = 3000-9999
>>> idmap config * : backend = tdb
>>> map acl inherit = Yes
>>> store dos attributes = Yes
>>> vfs objects = acl_xattr
>>>
>>> [...]
>>>
>>
>>
>
> There doesn't appear to be anything wrong, is the join still OK and is
> winbind running ?
# net ads testjoin
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Strong(er)
authentication required
Join is OK
Piviul
More information about the samba
mailing list