From: Philipp Braband on
Hi everyone,

I have a problem with my Samba and winbind configuration:

Before I switched the config (from local user authentication to AD authentication using winbind), my users were able to authenticate, for example, as “peter”. Now, after switching, they are forced to use SAMBASERVERNAME\peter. If they use only “peter”, winbind tries to authenticate them against the AD, which fails. Is there a way to “teach” winbind to try to authenticate every user locally if they don't use DOMAIN\peter?
Hope you understand my problem in spite of my bad English ☺


My configuration:

SLES11 SP0
samba-3.2.7-11.6
samba-winbind-3.2.7-11.6
krb5-1.6.3-133.10


smb.conf:

[global]
workgroup = DOMAIN
netbios aliases = SAMBASERVER
interfaces = eth0, 127.0.0.1/8
bind interfaces only = Yes
;security = ADS
security = ADS
password server = 192.168.1.1
load printers = No
disable spoolss = Yes
show add printer wizard = No
;printcap name = cups
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
kernel oplocks = No
ldap ssl = no
printing = bsd
;cups options = raw
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
include = /etc/samba/dhcp.conf
log level = 1
realm = DOMAIN.DE
template homedir = /home/%D/%U
template shell = /bin/bash
usershare allow guests = No
winbind refresh tickets = yes
winbind offline logon = yes
idmap gid = 10000-20000
idmap uid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

idmap backend = ad
idmap config DOMAIN : backend = ad
winbind nss info = rfc2307



krb5.conf:

[libdefaults]
default_realm = DOMAIN.DE
clockskew = 300

[realms]
DOMAIN.DE = {
    kdc = 192.168.1.1
    admin_server = 192.168.1.1
    default_domain = domain.de
}

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON

[domain_realm]
.domain.de = DOMAIN.DE

[appdefaults]
pam = {
    ticket_lifetime = 1d
    renew_lifetime = 1d
    forwardable = true
    proxiable = false
    minimum_uid = 1
}


Cheers,
Philipp

________________________________________________
S&L Netzwerktechnik GmbH
Philipp Braband
Networking Team

Florinstrasse 18
56218 Muelheim-Kaerlich

Telephone: +49 261 92736 308
Fax:
Email: PBraband(a)sul.de
www: http://www.sul.de
www: http://www.controlseries.de
www: http://www.monitoring-solution.de
________________________________________________

