Web lists-archives.com

Re: [Samba] Regular users can't log in to Samba AD DC from Windows






On 02/06/2017 18:07, Rowland Penny via samba wrote:
On Mon, 6 Feb 2017 17:09:27 +0200
Alnis Morics via samba <samba@xxxxxxxxxxxxxxx> wrote:


On 02/06/2017 16:36, Rowland Penny via samba wrote:
On Mon, 6 Feb 2017 16:16:28 +0200
Alnis Morics via samba <samba@xxxxxxxxxxxxxxx> wrote:



On 02/06/2017 15:43, Rowland Penny via samba wrote:
On Mon, 6 Feb 2017 14:47:21 +0200
Alnis Morics via samba <samba@xxxxxxxxxxxxxxx> wrote:

I see. But I don't necessarily need homedirs and hence PAM
configured just to log in from Windows and access a file share
from there, do I? Or even just to log in on Windows to the
domain.

Alnis


If you only have windows users and they will never actually log
into the Samba AD DC, then you don't need user homedirs on the DC.

Rowland



That's my main problem for now: single sign-on doesn't work. The
Windows machine is joined the domain. Domain Administrator can log
in with this Windows machine, and other users that I created with
samba-tool, can not. Can you suggest a way of how to trace what's
going on?

Alnis


Not sure I understand what you are saying, do you want your users to
connect to shares on the DC, or are you saying that your users
cannot log into a windows PC joined to the domain ?

Rowland

My (domain) users cannot log into a Windows PC joined to the domain.

I created those users with samba-tool. Only the domain Administrator
can log into this Windows PC.

Alnis


I seem to remember something about freebsd, what filesystem are you
using and what were your ./config optiond when you built Samba ?

Rowland


My filesystem is UFS (v.2), I enabled ACLs with:
tunefs -a enable <filesystem-device>

and placed the "rw,acls" options into fstab, although the "mount" showed they are enabled even without that option in fstab.

Extended File Attributes are supported.

./configure options were "--without-systemd --man-dir=/usr/local/man"

Rowland, we were probably writing simultaneously, and you didn't notice I wrote that I finally managed to log in with that user1. Either passwords were messed up while I experimented with them (samba-tool user password/setpassword) or firewall was in the way, or both.

Thanks for helping,
Alnis


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba