Web lists-archives.com

Re: [Samba] Samba Domain server authentication




Is this something that used to work but no longer does?

What are the results of "net rpc testjoin" command on the samba server?

Is the domain controller also samba?


What does "wbinfo -u" command show on the samba server?    On my servers shows "DOMAINNAME\eachuser" but that is with  "winbind trusted domains only = No" and "winbind use default domain = No" set in smb.conf.

Does "getent passwd" shows domain users?





On 04/02/18 06:21, Rob Thoman via samba wrote:
Hi,

We're having issues accessing shares from our Samba file server.

If we try to access the share from a domain joined Windows machine, it
prompts with enter username and password. If we supply the domain password
it fails. The error that we get is the following.
Failed to find a Unix account for peteruser 'lin\aadamson' (from session
setup) not permitted to access this share (data)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

However, if we  supply the pdcname\username and password it works, as per
below
[2018/03/29 20:04:07.754925,  5] auth/auth_util.c:111(make_user_info_map)
Mapping user [lin-pdc]\[aaamson] from workstation [PC-WIN-001-AR]

The server is joined to the Domain

net rpc join -U tadmin
Enter tadmin's password:
Joined domain LIN.

Here is
/etc/nssswith.conf

#passwd:         compat
#group:          compat
#shadow:         compat

passwd: files winbind
group:  files winbind
shadow: files winbind

smb.conf

         workgroup = LIN
         netbios name = LINFS01
         security = domain
         obey pam restrictions = no
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999

winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
wins server = 192.168.100.23

         password server = lin-pdc

  [homes]
         comment = our home
         create mask = 0700
         directory mask = 0700
         browseable = No
         read only = No
         path = %H/samba

other shares are also defined.

What could be the issue?

Regards,
RT



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba