On 28/09/2013 01:15, Jim Jenkins wrote:
Hey Gang,

I'm stuck near the end of installing Samba 4 on a Debian Wheezy machine.
I'm trying to connect to a Win2k AD.

Basically I can't get "getent passwd" to show domain accounts.  I also
can't access shares using my credentials.  What did I forget?!


Here is what works:
sudo net ads join -U "DOMAINADMIN"

wbinfo -g  //shows domain groups!
wbinfo -u  //shows domain users!

I have set up symlinks from /lib/i386-linux-gnu/libnss_winbind.so to
/lib/i386-linux-gnu/libnss_winbind.so

If you did compile samba4, then the correct libnss_winbind.so library is located at /usr/local/samba/lib/libnss_winbind.so.2 (cf. http://wiki.samba.org/index.php/Samba4/Winbind#Using_libnss_winbind)

If you used the samba4 (4.0.0~beta2+dfsg1-3.2) package from the Debian repository, then you'd better go for the compiled version. The packages in the wheezy repository are quite old.

smb.conf
[global]
     workgroup = DOMAIN
     realm = DOMAIN.COM
     server string = %h server
     security = ADS
     map to guest = Bad User
     obey pam restrictions = Yes
     pam password change = Yes
     passwd program = /usr/bin/passwd %u
     passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

I guess most of those lines are not needed if you are using AD authentication.

     unix password sync = Yes
     syslog = 0
     log file = /var/log/samba/log.%m
     max log size = 1000
     dns proxy = No
     usershare allow guests = Yes
     panic action = /usr/share/samba/panic-action %d
     winbind separator = +
     winbind enum users = Yes
     winbind enum groups = Yes
     winbind use default domain = Yes
     winbind nss info = rfc2307
     idmap config SHORTDOMAINNAME:range = 500-40000
     idmap config SHORTDOMAINNAME:schema_mode = rfc2307
     idmap config SHORTDOMAINNAME:backend = ad
     idmap config *:range = 70001-80000
     idmap config * : backend = tdb
     store dos attributes = Yes


Besides "getent passwd" failing to show domain accounts, I get this when I
attempt to authenticate via a SMB client.



[2013/09/27 19:03:28.678145,  3]
../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
   Got user=[TestUser] domain=[DOMAIN] workstation=[BADASS] len1=24 len2=154
.....
.....
[2013/09/27 19:03:28.681267,  3]
../source3/auth/auth.c:177(auth_check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user

Samba is complaining of "unmapped user"; this should go away once libnss is properly configured.


Cheers,

Denis

[**DOMAIN]\[TestUser]@[BADASS]
with the new password interface
[2013/09/27 19:03:28.681359,  3]
../source3/auth/auth.c:180(auth_check_ntlm_password)
   check_ntlm_password:  mapped user is: [**DOMAIN]\[**TestUser]@[BADASS]
[2013/09/27 19:03:28.691085,  3]
../source3/auth/auth_util.c:1247(check_account)
   Failed to find authenticated user **DOMAIN+jjenkins via getpwnam(),
denying access.
[2013/09/27 19:03:28.691235,  2]
../source3/auth/auth.c:288(auth_check_ntlm_password)
   check_ntlm_password:  Authentication for user [jjenkins] -> [**TestUser]
FAILED with error NT_STATUS_NO_SUCH_USER
[2013/09/27 19:03:28.691354,  3]
../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
   No such user jjenkins [**DOMAIN] - using guest account




--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
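
An added example, not part of the original message or of Samba: a Python script that scans an smbd log for the sequence in the excerpt above, a `getpwnam()` failure followed by the guest mapping that `map to guest = Bad User` allows, so a broken NSS setup is reported instead of hiding behind a guest session. The sample log is constructed from the lines quoted in the thread (plus one constructed wrong-password entry), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the log excerpt in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
[2013/09/27 19:03:28.691085,  3] ../source3/auth/auth_util.c:1247(check_account)
  Failed to find authenticated user DOMAIN+jjenkins via getpwnam(), denying access.
[2013/09/27 19:03:28.691235,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [jjenkins] -> [TestUser] FAILED with error NT_STATUS_NO_SUCH_USER
[2013/09/27 19:03:28.691354,  3] ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
  No such user jjenkins [DOMAIN] - using guest account
[2013/09/27 19:05:10.000001,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [asmith] -> [asmith] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]\s*(.*)$")
NSS_FAIL = re.compile(r"Failed to find authenticated user (\S+) via getpwnam\(\)")
GUEST = re.compile(r"No such user (\S+) \[[^\]]*\] - using guest account")

def records(text):
    """Yield (timestamp, body) per log record, rejoining wrapped continuation lines."""
    ts, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if ts is not None:
                yield ts, " ".join(parts)
            ts, parts = m.group(1), [m.group(2)]
        elif ts is not None and line.strip():
            parts.append(line.strip())
    if ts is not None:
        yield ts, " ".join(parts)

def nss_guest_fallbacks(text, separator="+"):
    """Return users whose NSS lookup failed and who were then mapped to guest.

    separator is the smb.conf 'winbind separator' ('+' in the thread's config).
    """
    pending, findings = {}, []  # pending: short user name -> time of getpwnam() failure
    for ts, body in records(text):
        m = NSS_FAIL.search(body)
        if m:
            user = m.group(1).replace("\\", separator).split(separator)[-1]
            pending[user] = ts
            continue
        m = GUEST.search(body)
        if m and m.group(1) in pending:
            user = m.group(1)
            findings.append({"user": user, "nss_failure_at": pending.pop(user), "guest_at": ts})
    return findings

if __name__ == "__main__":
    for f in nss_guest_fallbacks(SAMPLE_LOG):
        print(f"{f['user']}: getpwnam() failed at {f['nss_failure_at']}, mapped to guest at {f['guest_at']}")
```

A plain wrong-password failure (the `asmith` entry) is not reported, because only the NSS-failure-then-guest pair points at the libnss_winbind problem discussed in the thread.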
