On Thu, 2022-04-28 at 09:10 +0200, lists--- via samba
wrote:> Dear list,
>
> I installed a AD-Member Server, and now I would like to enable two
> users
> with local accounts to do a 'su' to AD-accounts - but that fails,
> the
> session is closed immediatly.
>
> /var/log/auth.log
> Apr 28 08:43:12 afpfp1 su: pam_krb5(su:auth): authentication
> failure;
> logname=%ADNAME%\%USERNAME% uid=1000 euid=0 tty=pts/1
> ruser=%LOCALUSER%
> rhost> Apr 28 08:43:12 afpfp1 su: pam_unix(su:auth): authentication
> failure;
> logname=%LOCALUSER% uid=1000 euid=0 tty=pts/1 ruser=%LOCALUSER%
> rhost=
> user=%ADNAME%\%USERNAME%
> Apr 28 08:43:12 afpfp1 su: pam_winbind(su:auth): getting password
> (0x00000388)
> Apr 28 08:43:12 afpfp1 su: pam_winbind(su:auth): pam_get_item
> returned a
> password
> Apr 28 08:43:12 afpfp1 su: pam_winbind(su:auth): user
> '%ADNAME%\%USERNAME%' granted access
> Apr 28 08:43:12 afpfp1 su: (to %ADNAME%\%USERNAME%) %LOCALUSER% on
> pts/1
> Apr 28 08:43:12 afpfp1 su: pam_unix(su:session): session opened for
> user
> %ADNAME%\%USERNAME%(uid=130224) by %LOCALUSER%(uid=1000)
> Apr 28 08:43:12 afpfp1 su: pam_unix(su:session): session closed for
> user
> %ADNAME%\%USERNAME%
>
> Does anybody has a hint for me?
>
> Cheers,
> Torsten
Can you post your smb.conf from the computer you are running 'su' on. I
think I know what is happening, but I need to see the smb.conf to
confirm this.
Rowland