Re: [Samba] Windows pre-requisites for login with winbind?
- Date: Mon, 21 Aug 2017 14:32:16 +0000
- From: "A. James Lewis via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Windows pre-requisites for login with winbind?
Also, I see the following repeated in syslog:-
==> syslog <==
Aug 21 15:25:41 hostname01 winbindd: [2017/08/21 15:25:41.438959, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Aug 21 15:25:41 hostname01 winbindd: Kinit for HOSTNAME01$@DOMAIN.LOCAL to access cifs/LOCAL_AD02.domain.local@DOMAIN.LOCAL failed: Cannot contact any KDC for requested realm
When one of the suspect users tries to log in I get:-
==> auth.log <==
Aug 21 15:25:14 op-sdes-dsk01 su: No passwd entry for user 'username'
Aug 21 15:25:14 op-sdes-dsk01 su: FAILED su for username by root
Aug 21 15:25:14 op-sdes-dsk01 su: - ??? root:username
However, other AD users do work correctly.
This is Samba 4.5.8 BTW...
August 21, 2017 2:56 PM, "Rowland Penny via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> On Mon, 21 Aug 2017 13:14:16 +0000
> "A. James Lewis" <james@xxxxxxxxxx> wrote:
>> I'm slightly confused, you appear to have trimmed down the config,
>> but not changed anything.... would you think this would affect the
>> issue where long standing users are able to log in, but new users are
>> not... even after a couple of weeks they are not able to log in via
>> "winbind", although they can authenticate via Kerberos, and obviously
>> log in to Windows desktops.
> Yes I trimmed you /etc/krb5.conf down to all that is required, I also
> removed all the unnecessary lines from your smb.conf, but I also
> altered two lines and added two others.
> Your set up was putting everything into the '*' domain and nothing into
> the 'DOMAIN' domain. You were also using the 'rid' backend for the '*'
> domain and you MUST use 'tdb' for this.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
A. James Lewis (james@xxxxxxxxxx)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
To unsubscribe from this list go to the following URL and read the