Server :: Samba Unable To Authenticate In NT Domain
May 3, 2010
We're still using an NT Domain Server, and Samba is already configured properly. But the problem is if the shared folder is configured in samba to be accessed by group and not the domain username, authentication fails even if the user is member of the group.
Example#1: (authentication successful)
[sharedfolder]
valid users = domain+username
Example#2:
[sharedfolder] (authentication fails)
valid users = @domaingroup
Samba version is samba-3.0.33
View 2 Replies
ADVERTISEMENT
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
Aug 3, 2011
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID)
wbinfo -s SID (returns proper text group name)
wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a
Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux
lsb_release -a
No LSB modules are available.
[code]....
View 3 Replies
View Related
Jun 27, 2011
i need to allow window domain controller user to use file share of linux.windows DC user can see the share file and directories of linux file server but not able to access.
below is brief--
I have a Linux machine which is on my network but not on my domain. I have configured SAMBA FILESERVER for file sharing purpose. I have a Windows XP PC which is on the domain(windows server) that I am trying to connect to a share on the Linux box. I supply my credentials but regardless of which login I use I always get Logon Failure. I have created an account on the Linux machine with the same user name and password as my domain account but so far no luck. Can I connect from a domain PC to a non-domain Linux box? Is there something else I should be checking?
View 14 Replies
View Related
Feb 17, 2009
Set up a new cluster service for a cifs share. Has these properties:
Service name = cifs_cases
Autostart is checked
name=cases type=GFS Scope=shared
[code]....
View 1 Replies
View Related
Jan 2, 2010
True or False: If you have a user on your Linux/Samba machine with a password, example:
User = Bob
Password = Password0
And Bob is on an XP computer, where his username is also Bob and his password is also Password0, is it normal for Bob to go to:
\SambaServer, double click on Bob's share (valid users = Bob only) and Bob get RIGHT in without being prompted?
On my prior setup, the user HAD to log in. If they wanted auto login next time with their credentials, they had to check "remember password." But now it's as if Samba knows who they are. It's very strange. What's the normal behavior? Must EVERYBODY authenticate with passwords, or if the Windows credentials are the same as Samba does it just somehow auto-detect it and allow them through?
View 3 Replies
View Related
May 5, 2010
I'm trying to set up a Samba share that's available over the network to a group of users in our institution. Our infrastructure is based on Novell Netware (slowly migrating to OES), and thus our authentication is managed by eDirectory. All our other shares are managed by Netware, but this one lives on a standalone Ubuntu server.
I've succeeded in setting up the share, and users can access it without a problem. The trouble is that currently it only works by treating all users as guest users and giving them the same privileges over the share. Is it possible to get Samba to authenticate users against eDirectory via LDAP? Would I have to get Ubuntu to authenticate against eDirectory, then Samba against Ubuntu, or can Samba do it directly? I've not really worked with LDAP before so I'm unsure where to start.
View 2 Replies
View Related
Oct 8, 2009
I have to rename a group of machines in my little samba domain (tbd backend) but there is an ugly bug that makes this impossible. have set 'rename user script' variable corectly, also checked all configurations.When i change computer name in my windows box, it shows an error saying something like "Error calling remote procedure"Looking on server side, username for the machine gets correctly changed in /usr/passwd, and also in samba database.But samba log says:
===============================================================
[2009/10/08 11:10:32, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 11052 (3.0.33-3.7.el5_3.1)
[code]....
View 3 Replies
View Related
Jan 11, 2011
How to authenticate Samba server with another LDAP Server.
- I would like to set up samba server(CentOS5 samba version 3.0.33)for sharing directory. WindowXP client will can access to samba if username and password match with username and password of another existing LDAP server.
- I only know URL and DN of LDAP server and can not modify anything on LDAP Server.
- Can I config at samba server for requirement above.
View 2 Replies
View Related
Dec 18, 2010
I've been configuring a PDC using samba I used this tutorial url as reference. It seems all went well during the installation and configuration not until when I try to join a windows machine to the domain.
Scenario: When the authentication dialog box prompts the username and password of the domain administrator. I supply root as username and its corresponding password. Then I will prompt an error "The user name could not be found. But, I have noticed that when I supply a wrong password of root the it will prompt "Login failure: unknown user name or bad password. It seems that the windows machine was able to recognize the account somehow.
View 8 Replies
View Related
Sep 27, 2010
i have a windows domain and linux ftp server. OSs windows 2003 server and centos 5.5. i would like to integrate this file server to windows domain. And would authenticate users from windows domain.
View 4 Replies
View Related
May 4, 2010
I am attempting to configure vsftpd to allow anonymous users to PUT files into a shared incoming directory. This would be like a dropbox for my customers. Ideally, the incoming directory's contents would not be viewable by the users.
I believe that refused connection is due to the PAM configuration for vsftpd.
May 4 08:03:16 WSVM-S1-1 sshd[1512]: Invalid user anonymous from xxx.xxx.xxx.xxx
May 4 08:03:16 WSVM-S1-1 sshd[1513]: input_userauth_request: invalid user anonymous
May 4 08:03:16 WSVM-S1-1 sshd[1512]: pam_unix(sshd:auth): check pass; user unknown
[Code].....
View 3 Replies
View Related
Mar 15, 2010
I've been fighting with the Samba server for a while and I'm a bit frustrated at this point. When I try to add machines to my domain I get the "The username could not be found error" here is my smb.conf...
Code:
[global]
workgroup = INMANONE
netbios name = PDC
server string = Inman Domain Controller
os level = 64
security = user
passdb backend = tdbsam
domain logons = yes
domain master = yes
local master = yes .....
View 3 Replies
View Related
Oct 12, 2010
I have some important cgi files run on top of Apache inside cgi-bin directory.My requirement is to once user try to access the cgi file authenticate using Active Directory username/password. If user enter the correct domain credentials only user aloow access to the page in any time user trying to access otherwise not. I configured this using htaccess and htpasswd.But in this case I need to manually configure username/password for htpasswd file. Instead of this I want to authenticate with the Active Directory.
View 1 Replies
View Related
Sep 21, 2010
I want to set a log off script for samba domain users. Actually I am facing a huge temp files related problem. So I want to set a batch file which will run when domain user log off. When user logout then batch file run and delete all temp files.I have already set batch file local group policy and it works for me, but I wants to set it from server side.
View 1 Replies
View Related
Oct 14, 2010
I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?
View 1 Replies
View Related
Feb 1, 2011
I'm configuring a classroom based on Linux (just Linux, without Windows) with user mobility. What I want is that any student will use its own 'username/password' on whatever computer getting its own data and without having to define every user on every computer. As far as Samba is very useful, even when I don't need Windows support I decided to base the solution on Samba. Right now I still have some problems and the solution doesn't work in my test environment. I defined a PDC (Samba 3.5 Domain Controller) on a Fedora 13 with 'homes', starting nmb and smb and it seems to work. On a Ubuntu 10.10 Workstation I built a Samba 'Domain Member Server' starting nmb, smb and winbind.
First question: should I define 'homes' on this server or not? I assumed 'not' as the 'homes' you have to use are the ones defined on the PDC, not on the DMS.
Second question: does winbind run just on DMS? Not on the PDC too?
I defined the DMS 'machine' and some domain users on the PDC and I could 'join' the DMS to the PDC without any problem (join rpc ...) From the workstation I can use smbclient seeing a domain with two servers, one of which is the controller. I can connect to the home shares using the domain users which are authorized by the PDC. On the DMS I paid attention on nsswitch.conf and pam file running 'pam-auth-update'. So 'webinfo -u' provides a list of users on the domain, local users and domain users. The problem arrives when I try to connect from the session login screen on the workstation to 'mydomainmyuser'. PDC validates the user, if the password is right, and I get connected but not to my PDC homes.
Instead I get some errors starting with:
'could not update ICEAuthoriy file /home/mydomain/myuser/.ICEAuthority'
It seems I'm in an empty space in an open but useless session which I can close later on.
Hereafter you will see the short smb.conf reported by testparm:
PDC
[global]
workgroup = TESO-DOM
server string = Samba Server Version %v
interfaces = lo, wlan0
bind interfaces only = Yes .....
View 6 Replies
View Related
Feb 13, 2010
i have configured samba as file server in fedora 11,it works fine for both windows and linux machines .but i want to configure ldap and samba as domain controller. Googled a lot on internet every thing is confusing me .
View 2 Replies
View Related
Feb 27, 2011
My Windows 2003 domain has three domain controllers. All of them are configured as global catalog servers, but my krb.conf and krb5.conf only contain a reference to one of them. What if the DC referenced is down? Should my files reference the other DCs? The contents of my files follow...
krb.conf
--------
MYDOMAIN.COM dc01.MYDOMAIN.COM:88
MYDOMAIN.COM dc01.MYDOMAIN.COM:749 admin server[code]...........
View 1 Replies
View Related
Mar 2, 2011
How do I configure samba such that AD authentication still works when a DC is down? Do I need multiple kdc, admin_server, and kpasswd_server entries in krb5.conf?
View 3 Replies
View Related
Aug 26, 2010
One of our servers crashed due to hard drive problems. We were able restore data from backups; however the only info on the samba PDC portion of the server we have are the local and domain SIDs. Armed with only this info; is there a way to recreate the previous domain so the users and machine accounts could recognize it?
View 1 Replies
View Related
Jul 5, 2010
I'm setting up a PDC Samba server on centos5.4. All tasks are well done but on adding new machine in my domain I have a this error message: Error occurred when attempt to join your machine in domain "invalid user name".
samba.log
Code:
[2010/07/05 12:34:55, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/07/05 12:34:55, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/07/05 12:34:55, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2010/07/05 12:34:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2919)
Returning domain sid for domain RAPHAELLO -> S-1-5-21-3852106609-489253481-401883016
smb.conf .....
I think that the machine account is missed or miss matched.
View 1 Replies
View Related
Oct 21, 2010
CentoS 5.5
[root@osra ~]# rpm -q samba3x
samba3x-3.3.8-0.52.el5_5.2
[root@osra ~]# rpm -q krb5-workstation
krb5-workstation-1.6.1-36.el5_5.5
Domain controller windows 2k3 sp3
I follow those guides: [URL] and [URL]. I join the domain, I can test the user
[root@osra ~]# wbinfo -a mbottalico%
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@osra ~]# wbinfo -u
administrator
guest
krbtgt
[root@osra ~]# wbinfo -g
utenti wins
dhcp users
dhcp administrators
computer del dominio
controller di dominio
getent passwd and group ok without "DOMAIN+"
kinit e klist ok.
I can browser the samba server, but I can enter on "temp", but not in "test" (access denied)
[root@osra ~]# smbclient \\osra\test -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: > ls
NT_STATUS_NETWORK_ACCESS_DENIED listing * (I noticed only writing this message)
[root@osra ~]# smbclient \\osra\tmp -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: > dir .....
53488 blocks of size 2097152. 49908 blocks available
smb: > q
0 blocks of size 0. 511 blocks available .....
View 2 Replies
View Related
Aug 26, 2010
I use OpenSuse 11.3 and I successfully built a samba/openldap server. However the raoming profiles were not working so I removed the roaming profile part of the samba and the openldap using ldap account manager. I also rejoined a couple of the computers back to the domain successfully (it was not an instaneous join, it took a good minute or 2 to join each pc). Now I cannot cannot login to any of these computers with the domain credentials. I can share using the UNC path no problem and this was working find about 1 week ago.
On 1 of the computers Iw as able to finally get a log file saying this:
View 2 Replies
View Related
Apr 20, 2010
I've been working for hours with Samba on Ubuntu Server 9.10 (Samba version 3.4.0), trying to get it setup simply as a fileserver that performs authentication to an NT 4 server (yes, I know, old and out of date). After much struggling, I finally realized that my configuration *was* working when the clients connecting (from XP, and Win2k clients, mostly) were actually joined to the domain (where the PDC is the NT 4 Server) and logged into the domain.For various reasons, many of the Windows clients at this location don't actually log into the domain, even though they have login/passwords that are valid users on the domain and they'll typically have some drives mapped to the PDC.
By the way, I have this working on another Linux box running Samba 3.0.28, so I'm sure it's possible, I'm just lost as to how to do it.I can provide plenty more information if it would help diagnose the situation. Does anyone have an idea of how I can get this to work? I'm sure it's possible, since the exact scenario worked in a recent version of Samba.
View 1 Replies
View Related
Jul 21, 2010
I don't know if this is possible... I want that only some of a Windows Domain(Samba) users can to logging in a machine.For example: The user Peter of the domain WORKSPACE can connect to the PC1, but the user Charly of the domain WORKSPACE can not connect to the PC1. How I can implement this?
View 5 Replies
View Related
Oct 29, 2010
I have an OpenSuSe Server configured with DNS, Samba (PDC + WINS), LDAP, Squid All this is in a hybrid scenario with other OpenSuse acting as clients and some Windows 7 also as clients. Everything works perfect. Both systems are able to join and authenticate in the Samba server very smoothly.
My problem is that in my workspace I have several different subnets/VLANS. So I have another OpenSuSe client here that needs to join the domain and authenticate with the samba server, but he just cant find it via the Windows Domain Membership setup screen (where I usually configure the others).
The server can pe pinged, and it does resolv local domain names. It seems the problem is that I have no place to configure a PDC/WINS server in Linux Client. It only asks me for the domain to join, and then it doesnt find it (Im guessing this happens because it cant receive the broadcasts from the server network).
Is there any way to declare the Samba/PDC/WINS server on the client side?
View 10 Replies
View Related
Sep 27, 2010
I want to Migrate Win2003 Domain Controller to Samba with All Settings Current Setup: Working Win2003 Domain Controller (DC)with home directories, group policies, shared printer, disk quotas. how to migrate all these settings to Samba Domain Controller. I have tried to search but didn't get detailed information.
View 14 Replies
View Related
Jun 10, 2010
Im running a Samba server as a PDC
Every thing works fine When I log in it creates a folder on the server for the user. when the user logs out, it is copying the user data to the server, for example folders like Documents,Favorites and so on.
My problem is,Im using a Dutch version of Windows 7 but the folders sync are English
View 4 Replies
View Related
Nov 1, 2009
is possible configure a samba server to a Backup Domain Controller in a windows 2003 Domain ? I have a Primary Domain controller Windows server 2003 , can integrate my network with a linux samba Backup Domain Controller server ?
View 1 Replies
View Related
