[Samba] samba fails to connect to windows file share joined to domain
jacek burghardt
jaceksburghardt at gmail.com
Wed Dec 13 21:47:52 UTC 2023
I setup my samba with config provided
I cant mount shares still I see
SPNEGO login failed: The attempted logon is invalid. This is either due
to a bad username or authentication information.
[2023/12/13 14:41:17.238710, 1]
../../source3/winbindd/winbindd_cm.c:870(cm_prepare_connection)
authenticated session setup to den-dc01.HEBE.US using HEBE\RADREC$ failed
with NT_STATUS_LOGON_FAILURE
[2023/12/13 14:41:17.238751, 3]
../../source3/winbindd/winbindd_cm.c:365(cm_get_ipc_userpass)
cm_get_ipc_userpass: No auth-user defined
[2023/12/13 14:41:17.238781, 3]
../../source3/winbindd/winbindd_cm.c:365(cm_get_ipc_userpass)
cm_get_ipc_userpass: No auth-user defined
[2023/12/13 14:41:17.238910, 1]
../../source3/winbindd/winbindd_cm.c:1016(cm_prepare_connection)
Failed to prepare SMB connection to den-dc01.HEBE.US:
NT_STATUS_LOGON_FAILURE
[2023/12/13 14:41:17.239109, 3]
../../source3/winbindd/winbindd_dual_srv.c:951(_wbint_PingDc)
could not open handle to NETLOGON pipe: NT_STATUS_LOGON_FAILURE
On Wed, Dec 13, 2023 at 11:08 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 13 Dec 2023 10:23:27 -0700
> jacek burghardt via samba <samba at lists.samba.org> wrote:
>
> > 1. Do you want to setup a domaincontroller, fileserver or a client
> > The usage case is for client connecting to windows shares.
>
> OK, in which case your existing smb.conf requires a total re-write.
>
> > 2. If you want to setup a fileserver or client tell us if you joined
> > to the domain "net ads testjoin" is showing this.
> > Join to domain is not valid: LDAP_INVALID_CREDENTIALS
>
> This could be for several reasons, your existing smb.conf isn't allowing
> the join, or you just haven't joined the domain, for instance.
>
> > 3. Did you change your smb.conf to define your role DC or filserver or
> > client. At the moment it's a little bit from everything.
> > What is proper config for a client ?
>
> Based on what you posted, try this one:
>
> [global]
> workgroup = HEBE
> security = ADS
> realm = HEBE.US
>
> winbind use default domain = Yes
> winbind refresh tickets = yes
> winbind offline logon = yes
> dns proxy = no
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config HEBE : backend = rid
> idmap config HEBE : range = 10000-20000
> template shell = /bin/bash
>
> vfs objects = acl_xattr shadow_copy2
> map acl inherit = Yes
>
> printcap name = /dev/null
> load printers = no
> disable spoolss = yes
> printing = bsd
>
> log level = 3
> max log size = 50
> log file = /var/log/samba/log.%m
> ntlm auth = mschapv2-and-ntlmv2-only
>
> There are no shares shown, because the only shares you did show
> 'sysvol' & 'netlogon' shouldn't be on a fileserver.
>
> Stop any Samba daemons, then run:
>
> sudo net ads join -UAdministrator
>
> Enter the Administrator password when prompted.
>
> Once the join has succeeded, start the Samba daemons.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list