Web lists-archives.com

Re: [Samba] Samba Domain server authentication




When I checked the samba logs in the PDC, I can see that the member server
made a query about the  'aadamson' user and it that it was successful. Just
as a test I changed the nsswitch to have winbind and then files got the
same result. Do I need to map the domain users to the local users?

On Tue, Apr 3, 2018 at 8:44 AM, Rob Thoman <emailthomasrob@xxxxxxxxx> wrote:

> Hi,
> The setup used to work on a when both file and AD were in the same box.
> We're trying to separate them.
>
> The 'net rpc testjoin' gives: Join to "LIN" is ok.
>
> The wbinfo -u does list all users with "LIN\username". The getent passwd
> lists the LIN\username with all the attrributes". This is after putting in
> your suggestions about winbind trusted domains only and use default domain
> option.
>
> Do I need to change anything on the the PDC side? nsswitch?
>
>
>
>
>
>
>
>
>
>
> On Mon, Apr 2, 2018 at 9:48 PM, Gaiseric Vandal via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
>
>> Is this something that used to work but no longer does?
>>
>> What are the results of "net rpc testjoin" command on the samba server?
>>
>> Is the domain controller also samba?
>>
>>
>> What does "wbinfo -u" command show on the samba server?    On my servers
>> shows "DOMAINNAME\eachuser" but that is with  "winbind trusted domains only
>> = No" and "winbind use default domain = No" set in smb.conf.
>>
>> Does "getent passwd" shows domain users?
>>
>>
>>
>>
>>
>>
>> On 04/02/18 06:21, Rob Thoman via samba wrote:
>>
>>> Hi,
>>>
>>> We're having issues accessing shares from our Samba file server.
>>>
>>> If we try to access the share from a domain joined Windows machine, it
>>> prompts with enter username and password. If we supply the domain
>>> password
>>> it fails. The error that we get is the following.
>>> Failed to find a Unix account for peteruser 'lin\aadamson' (from session
>>> setup) not permitted to access this share (data)
>>> create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
>>>
>>> However, if we  supply the pdcname\username and password it works, as per
>>> below
>>> [2018/03/29 20:04:07.754925,  5] auth/auth_util.c:111(make_user
>>> _info_map)
>>> Mapping user [lin-pdc]\[aaamson] from workstation [PC-WIN-001-AR]
>>>
>>> The server is joined to the Domain
>>>
>>> net rpc join -U tadmin
>>> Enter tadmin's password:
>>> Joined domain LIN.
>>>
>>> Here is
>>> /etc/nssswith.conf
>>>
>>> #passwd:         compat
>>> #group:          compat
>>> #shadow:         compat
>>>
>>> passwd: files winbind
>>> group:  files winbind
>>> shadow: files winbind
>>>
>>> smb.conf
>>>
>>>          workgroup = LIN
>>>          netbios name = LINFS01
>>>          security = domain
>>>          obey pam restrictions = no
>>>         idmap config * : backend = tdb
>>>         idmap config * : range = 3000-7999
>>>
>>> winbind use default domain = yes
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> wins server = 192.168.100.23
>>>
>>>          password server = lin-pdc
>>>
>>>   [homes]
>>>          comment = our home
>>>          create mask = 0700
>>>          directory mask = 0700
>>>          browseable = No
>>>          read only = No
>>>          path = %H/samba
>>>
>>> other shares are also defined.
>>>
>>> What could be the issue?
>>>
>>> Regards,
>>> RT
>>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba