Hi,
we configured a Samba server for filesharing. Samba use kerberos and winbind to
authenticate the user on DomainA.
In DomainA we create a localgroup where we add users from the same domain. But
also we add users from the DomainB who is trusted.
Our problem is that users from DomainB can't get access to the sharing
folders.
The user get an logon popup from windows. If you type in your correct data the
window comes again and again...
Best regards
Paul
Samba 3.0.24
Suse SLE-10-i386
current stat:
Samba Server for Filesharing use ADS for user authentification
DomainA
DomainB Trusted from DomainA
Samba <> DomainA <> DomainB
smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2007-07-05
[global]
# domain settings
workgroup = DOMAINA
realm = DOMAINA.DOM.NET
security = ads
client use spnego = Yes
password server = passwordserver.DOMAINA.DOM.NET
server string = %h server
dns proxy = no
encrypt passwords = true
invalid users = root
socket options = TCP_NODELAY
idmap uid = 100000-150000
idmap gid = 100000-150000
winbind separator = /
winbind use default domain = Yes
winbind cache time = 30
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
winbind refresh tickets = Yes
winbind offline logon = No
# log.winbindd
[2008/02/05 11:13:12, 6] param/loadparm.c:lp_file_list_changed(3048)
lp_file_list_changed()
file /etc/samba/shares.conf -> /etc/samba/shares.conf last mod_time: Mon
Feb
4 21:53:19 2008
file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Feb 5
11:12:17 2008
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info_map(161)
make_user_info_map: Mapping user [DOMAINB]\[USER123] from workstation
[COMPUTER123]
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info(75)
attempting to make a user_info for USER123 (USER123)
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info(85)
making strings for USER123's user_info struct
[2008/02/05 11:13:12, 5] auth/auth_util.c:make_user_info(117)
making blobs for USER123's user_info struct
[2008/02/05 11:13:12, 10] auth/auth_util.c:make_user_info(135)
made an encrypted user_info for USER123 (USER123)
[2008/02/05 11:13:12, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user
[DOMAINB]\[USER123]@[COMPUTER123] with the new password interface
[2008/02/05 11:13:12, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [DOMAINA]\[USER123]@[COMPUTER123]
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(233)
check_ntlm_password: auth_context challenge created by NTLMSSP callback
(NTLM2)
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(235)
challenge is:
[2008/02/05 11:13:12, 5] lib/util.c:dump_data(2225)
[000] FA 5A F2 B5 11 F3 A4 A7 .Z......
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(261)
check_ntlm_password: guest had nothing to say
[2008/02/05 11:13:12, 8] lib/util.c:is_myname(2043)
is_myname("DOMAINA") returns 0
[2008/02/05 11:13:12, 6] auth/auth_sam.c:check_samstrict_security(414)
check_samstrict_security: DOMAINA is not one of my local names
(ROLE_DOMAIN_MEMBER)
[2008/02/05 11:13:12, 10] auth/auth.c:check_ntlm_password(261)
check_ntlm_password: sam had nothing to say
[2008/02/05 11:13:12, 3] smbd/sec_ctx.c:push_sec_ctx(208)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/02/05 11:13:12, 3] smbd/uid.c:push_conn_ctx(353)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/02/05 11:13:12, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/02/05 11:13:12, 5] auth/auth_util.c:debug_nt_user_token(448)
NT user token: (NULL)
[2008/02/05 11:13:12, 5] auth/auth_util.c:debug_unix_user_token(474)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2008/02/05 11:13:12, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/02/05 11:13:12, 5] auth/auth.c:check_ntlm_password(273)
check_ntlm_password: winbind authentication for user [USER123] FAILED with
error NT_STATUS_NO_SUCH_USER
[2008/02/05 11:13:12, 2] auth/auth.c:check_ntlm_password(319)
check_ntlm_password: Authentication for user [USER123] -> [USER123] FAILED
with error NT_STATUS_NO_SUCH_USER
--
GMX startet ShortView.de. Hier findest Du Leute mit Deinen Interessen!
Jetzt dabei sein: http://www.shortview.de/?mc=sv_ext_mf@gmx