Your config/setup.
If you use the server only for squid and only for auth and proxying.
( so no file sharing )
apt-get install squid winbind libnss-winbind libpam-winbind (optional samba )
systemctl stop samba-ad-dc samba nmbd smbd
systemctl disable samba-ad-dc samba nmbd smbd
systemctl mask samba-ad-dc samba nmbd smbd
# add the proxy user to winbindd_priv. Or your auth won't work.
adduser proxy winbindd_priv
( remove the smbd if you need filesharing )
systemctl enable winbind
systemctl start winbind
Read
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> winbind uid = 10000-20000
> winbind gid = 10000-20000
And see that the above is wrong.
Correct the winbind uid/gid settings.
## map IDs outside the domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
## map IDs from the domain; the ranges may not overlap!
idmap config MY: backend = rid
idmap config MY: range = 10000-3999999
> winbind enum users = yes
> winbind enum groups = yes
Set these to no when you are done testing; it only slows down your server.
Then for your client connection.
apt-get install smbclient cifs-utils
Add this to libdefaults in krb5.conf
; for Windows 2008 with AES, needed by CIFS also. ( don't forget the cifs/spn )
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
And test again with
smbclient -mSMB2 '\\server.domain.tld\share'
That should do the trick.
If you google a bit more for squid and the samba list, you will see more of the things I posted.
You can use that also.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Alex Gutiérrez Martínez via samba
> Sent: Monday 15 October 2018 13:23
> To: samba at lists.samba.org
> Subject: [Samba] auth problem
>
> I'm using Ubuntu 18.04 and trying to connect a local *samba client* to my
> Windows AD. I use the packages squid samba winbind libnss-winbind. Both
> machines are already using an *ntp* server for sync.
>
> This is my samba config
>
>
> [global]
> netbios name = sqntlm
> workgroup = MY
> security = ADS
> realm = MY.CU
> encrypt passwords = yes
> min protocol = SMB2
> max protocol = SMB3_11
> client min protocol = SMB2
> client max protocol = SMB3_11
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
>
>
> I integrate the client to the AD without problems, I can mount folders
> and I can also share folders without problems, but when I try the
> command *wbinfo -a MY\\user1%'123*/'* it shows:
>
> *plaintext password authentication succeeded**
> **challenge/response password authentication failed**
> **Could not authenticate user MY\user1 with challenge/response*
>
>
> Can someone be so nice to explain why this is happening.
>
> --
> Saludos Cordiales
>
> Lic. Alex Gutiérrez Martínez
>
> Tel. +53 7 2710327
>
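The idmap advice in the reply above (replace the `winbind uid`/`winbind gid` lines with `idmap config` ranges that do not overlap) can be checked mechanically before restarting winbind. The following is an added example, not code from the thread or from the Samba project; `check_idmap` and the sample config are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample: settings from the question with the idmap lines
# from the reply added, and the old "winbind uid" line left in on purpose.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = MY
    security = ADS
    realm = MY.CU
    winbind uid = 10000-20000
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config MY: backend = rid
    idmap config MY: range = 10000-3999999
"""

IDMAP_KEY = re.compile(r"idmap config (\S+?) ?: ?(\w+)")
OLD_KEYS = {"winbind uid", "winbind gid"}  # the lines the reply calls wrong

def check_idmap(conf_text):
    """Return findings: old uid/gid options, bad or overlapping idmap ranges."""
    findings, ranges = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = re.sub(r"\s+", " ", key.lower())  # tolerate "MY : range" spacing
        if key in OLD_KEYS:
            findings.append(f"'{key}' is set: replace it with idmap config ranges")
            continue
        m = IDMAP_KEY.fullmatch(key)
        if not m or m.group(2) != "range":
            continue
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if not r or int(r.group(1)) > int(r.group(2)):
            findings.append(f"domain {m.group(1).upper()}: bad range '{value}'")
        else:
            ranges[m.group(1).upper()] = (int(r.group(1)), int(r.group(2)))
    if "*" not in ranges:
        findings.append("no 'idmap config *:range' for IDs outside the domain")
    # Every pair of domains is compared, so nested ranges are caught too.
    for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(sorted(ranges.items()), 2):
        if a_lo <= b_hi and b_lo <= a_hi:
            findings.append(f"ranges for {a} and {b} overlap")
    return findings
```

To check a real file, pass its text in, for example `check_idmap(open("/etc/samba/smb.conf").read())`; Samba's own `testparm` remains the syntax check.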