Web lists-archives.com

Re: [Samba] Unable to authenticate with Samba 4.5 from XP box




Thanks L.P.H and Rowland,

I've just tested the L.P.H solution and after reboot I'm able to
authenticate with the member server without problem. Is slow listing
folders with much objects but works (maybe happened always).

Here's my smb.conf:

[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.COM
server role = member server
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config ACONFI:backend = rid
idmap config ACONFI:schema_mode = rfc2307
idmap config ACONFI:range = 10000-999999

winbind nss info = rfc2307
# winbind trusted domains only = no
winbind use default domain = yes
# winbind enum users  = yes
# winbind enum groups = yes
winbind offline logon = yes
# winbind refresh tickets = Yes
# winbind expand groups = 4
winbind normalize names = Yes
# domain master = no
# local master = no
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
log level = 3

# Configuramos la papelera de reciclaje y el audit
vfs objects = recycle full_audit

# Papelera de reciclaje
recycle:repository = /server/share/Papelera/
recycle:keeptree = yes
recycle:versions = yes
# No recicla ficheros vacios
recycle:minsize = 1
# Excluye ficheros temporales
recycle:exclude = *.tmp, *.TMP, *.temp, *.TEMP, *.o, *.obj, ~$*, *.lock,
*.lck, *.sqlite-wal, *.bak, thumb.db
# No recicla ficheros del escaner
#recycle:exclude_dir = /server/share/Escaner/

# Audit
full_audit:prefix = %u|%I|%m|%R|%S
full_audit:success = chmod chmod_acl chown connect disconnect link mkdir
pread pwrite read removexattr rename rmdir setxattr unlink write
full_audit:failure = none
full_audit:facility = LOCAL7
full_audit:priority = NOTICE

[Folder]
path = /server_ssd/share/folder
read only = no
browsable = yes
valid users = @allowed_group

.... And more shares with similar configuration (only changes valid users).

Greetings!!

2017-10-30 11:30 GMT+01:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Mon, 30 Oct 2017 11:05:52 +0100
> Daniel Carrasco via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hello,
> >
> > I've a computer that has XP for compatibility purposes and is outside
> > the domain.
> > I'm trying to mount some shares that are on a Member Server with
> > Samba 4.5 but always get an error saying that password is wrong. All
> > other computers can enter to shares without problem and I'm sure that
> > the password is OK because I can login on Windows 7 computer and even
> > I've mounted a share from another Windows 7 computer that is also
> > outside the domain, so looks like is a problem with that XP Computer.
> >
> > Is there any way to allow to an XP user to login into Samba 4.5 share?
> >
> > I've already tried this three options:
> > ntlm auth = yes
> > raw NTLMv2 auth = yes
> > lanman auth = yes
> >
> > And using IP limitation instead user login works fine.
> >
> > Thanks!!
> >
>
> It should be able to connect from the XP machine, but it depends on
> both being setup correctly, so can you post the smb.conf from the 4.5
> computer.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
_________________________________________

      Daniel Carrasco Marín
      Ingeniería para la Innovación i2TIC, S.L.
      Tlf:  +34 911 12 32 84 Ext: 223
      www.i2tic.com
_________________________________________
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba