From: Michael Leone on 23 Apr 2010 19:00

No, dim-win2300 knows who turgon is. ;-) in fact, I am logged in on
the console of dim-win2300 right now. And turgon is a Domain Admin. It
was the account I used to join the laptop to the domain with. And it
did join, as I see the laptop machine account in AD.

So I think it must be something else ...

On 4/23/10, grant little <grantliddle(a)gmail.com> wrote:
> On Fri, Apr 23, 2010 at 10:14 AM, Mike Leone <turgon(a)mike-leone.com> wrote:
>
>> I set up an old laptop with Xubuntu 9.10. I configured Samba as to work
>> with my Win2003 AD domain that has MS Services for Unix installed.
>>
>> I can get a Kerberos ticket. I successfully added the laptop to the AD
>> domain. wbinfo -a shows me all users, domain and local. wbinfo -g shows me
>> all groups. wbinfo -a user%password returns successfully. "getent passwd"
>> works as expected - I see local users, and domain users.
>>
>> "net ads info" works correctly, returning info.
>>
>> LDAP server: 10.0.0.60
>> LDAP server name: dim-win2300.DaCrib.local
>> Realm: DACRIB.LOCAL
>> Bind Path: dc=DACRIB,dc=LOCAL
>> LDAP port: 389
>> Server time: Fri, 23 Apr 2010 13:12:53 EDT
>> KDC server: 10.0.0.60
>> Server time offset: 1
>>
>> And yet:
>>
>> $ smbclient -L workhorse
>> Enter turgon's password:
>> session setup failed: NT_STATUS_ACCESS_DENIED
>>
>> I have no idea why it's failing; I'm not seeing anything in the samba or
>> winbind logs. (workhorse is Ubuntu 9.10, configured as a domain member
>> server)
>>
>> I can do the reverse; from "workhorse" I can see all the shares on the
>> laptop:
>>
>> turgon(a)workhorse:~$ smbclient -L turgon-laptop
>> Enter turgon's password:
>> Domain=[DACRIB] OS=[Unix] Server=[Samba 3.4.0]
>>
>>     Sharename       Type      Comment
>>     ---------       ----      -------
>>     IPC$            IPC       IPC Service (turgon-laptop server (Samba
>> 3.4.0, Domain: DACRIB, Server: turgon-laptop - NT1))
>>     print$          Disk      Printer Drivers
>> Domain=[DACRIB] OS=[Unix] Server=[Samba 3.4.0]
>>
>>     Server               Comment
>>     ---------            -------
>>     TURGON-LAPTOP        turgon-laptop server (Samba 3.4.0, Domain: ,
>> Ser
>>
>>     Workgroup            Master
>>     ---------            -------
>>     DACRIB
>>
>> Hints as to where to go next? It must be something wrong on this specific
>> laptop, since it works from my other server,
>> but I dunno where, since all the other tests work. Firewall is off, on
>> both machines.
>>
>> ===============================
>> smb.conf:
>>
>> [global]
>> workgroup = DACRIB
>> realm = DACRIB.LOCAL
>> server string = %h server (Samba %v, Domain: %D, Server: %L - R)
>> security = ads
>> map to guest = Bad User
>>
>> client use spnego = true
>> client ntlmv2 auth = yes
>>
>> eventlog list = Application System Security SyslogLinux
>>
>> # PAM AUTH
>> encrypt passwords = yes
>> obey pam restrictions = Yes
>> pam password change = true
>> password server = dim-win2300.DaCrib.local
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> unix password sync = Yes
>>
>> log level = 3
>> syslog = 0
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>>
>> domain master = No
>> local master = No
>> os level = 2
>>
>> dns proxy = No
>> usershare allow guests = Yes
>> panic action = /usr/share/samba/panic-action %d
>>
>> # WINBIND
>>
>> idmap config DACRIB: default = true
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> idmap config DACRIB:schema_mode = rfc2307
>>
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind use default domain = Yes
>> winbind nested groups = Yes
>> winbind refresh tickets = true
>> winbind nss info = rfc2307
>> winbind separator = +
>>
>> template homedir = /home/%D/%u
>> template shell = /bin/bash
>>
>> ; invalid users = root
>> create mask = 0700
>> directory mask = 0775
>> writable = Yes
>> enable privileges = Yes
>> restrict anonymous = 2
>>
>> wide links = no
>>
>> socket options = TCP_NODELAY
>>
>>
>> --
>>
>> I get the exact same thing happening on my Ubuntu 9.10 currently running
> 3.5.0rc2 (until I figure out how to manage 3.5.2 on Ubuntu 9.10)
>
> However if I do
> smbclient -L mysambaserver -UanADuserthatcanlogintothisserver
>
> it works just fine and returns the goods. So my guess is that
> dim-win2300.DaCrib.local doesn't know who turgon is...
>

--
Sent from my mobile device

Michael J. Leone, <mailto:turgon(a)mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>