[Samba] samba, ads, winbind and active directory - Samba

This is a discussion on [Samba] samba, ads, winbind and active directory - Samba ; I can enumerate users and groups from the domain but I cannot authenticate the users. Any help? -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] samba, ads, winbind and active directory

  1. [Samba] samba, ads, winbind and active directory

    I can enumerate users and groups from the domain but I cannot
    authenticate the users.

    Any help?

    --
    Jas
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  2. Re: [Samba] samba, ads, winbind and active directory

    Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
    I think I had the same problem before, I'll try to remember it.

    David Molina


    On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen
    wrote:

    > I can enumerate users and groups from the domain but I cannot authenticate
    > the users.
    >
    > Any help?
    >
    > --
    > Jas
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  3. Re: [Samba] samba, ads, winbind and active directory

    That is correct. Some more information so that I might receive some help
    with this.

    I can perform the following commands without problem:
    wbinfo -t
    wbinfo -m
    wbinfo -g
    wbinfo -u
    wbinfo --krb5auth=user%password

    I am not able to do the following:
    getent group
    getent passwd
    net use x: \\valhalla\test /user:user (from a windows machine)

    Anyone know what I am doing wrong or could perhaps provide some more
    insight? I am definitely seeing somethings in the logs that I am unsure
    of how to fix. Any help, pointers etc are appreciated.

    Some log data:
    [log.winbindd-idmap]
    [2008/05/27 14:20:18, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(125)
    sid [S-1-5-21-2868754479-89028146-2101856903-88475] not mapped to an
    uid [2,1,2885498664]

    Contents of my smb.conf
    [global]
    workgroup = scl
    realm = SCL.UTAH.EDU
    server string = valhalla.scl.utah.edu
    netbios name = valhalla

    password server = *
    encrypt passwords = true
    security = ads

    os level = 20

    allow trusted domains = no
    auth methods = winbind

    ldap ssl = no

    interfaces = eth0, lo
    bind interfaces only = yes
    socket options = TCP_NODELAY

    log level = 20
    log file = /var/log/samba3/log.%m
    max log size = 50

    client signing = yes
    client schannel = no
    client use spnego = yes

    preferred master = no
    local master = no
    domain master = no
    wins proxy = no
    dns proxy = No

    template shell = /bin/bash
    nt acl support = yes
    inherit permissions = yes
    create mask = 0775
    template homedir = /home/%U

    winbind uid = 1000-2000000
    winbind gid = 500-2000000
    winbind separator = /
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind use default domain = yes
    winbind offline logon = true
    winbind nss info = sfu

    idmap uid = 1000-2000000
    idmap gid = 500-2000000
    idmap domains = THEDOMAIN
    idmap config THEDOMAIN:backend = ad
    idmap config THEDOMAIN:default = yes
    idmap config THEDOMAIN:schema_mode = rfc2307
    idmap config THEDOMAIN:range = 1000 - 300000000


    printcap name = cups
    printing = cups
    load printers = yes
    cups options = raw
    print command =
    lpq command = %p
    lprm command =

    [test]
    comment = testing
    browsable = yes
    read only = yes
    create mode = 0644
    path = /home/jason

    David Molina Cuevas wrote:
    > Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
    > I think I had the same problem before, I'll try to remember it.
    >
    > David Molina
    >
    >
    > On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen
    > wrote:
    >
    >> I can enumerate users and groups from the domain but I cannot authenticate
    >> the users.
    >>
    >> Any help?
    >>
    >> --
    >> Jas
    >> --
    >> To unsubscribe from this list go to the following URL and read the
    >> instructions: https://lists.samba.org/mailman/listinfo/samba
    >>

    >



    --
    Jas
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


+ Reply to Thread