Paul Sobey
2008-Nov-10 12:22 UTC
[Samba] Connecting to share - errors authenticating machine account - why?
I've got my smb.conf set as follows: [global] disable spoolss = Yes show add printer wizard = No security = ADS log level = 1 realm = FOO.BAR.COM password server = dc.foo.bar.com workgroup = FOO winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes idmap backend = ad winbind nss info = rfc2307 use kerberos keytab = yes client lanman auth = no client ntlmv2 auth = yes idmap uid = 10000-15000 idmap gid = 5000-6000 winbind refresh tickets = yes When I connect to a share from a test workstation logged in as me, it takes a while to connect. In the logs, I see this: [2008/11/10 11:58:05, 1] smbd/sesssetup.c:reply_spnego_kerberos(474) Username FOO+WORKSTATIONNAME$ is invalid on this system I presume this is because I have rfc2307 set for winbind nss info? The behaviour I want, which I am seeing, is that only users in AD which have Unix UIDs defined show in getent passwd. Do I need to add a more general pool for rids so that they can be generated on the fly for computer accounts? I am trying to use winbind as a general authentication-against-ad mechanism on lots of servers, but on the servers that run smbd, I also want to be able to serve files to XP clients as 'normally' as possible. I'd appreciate any advice... Cheers, Paul
Apparently Analagous Threads
- Session setup with machine account
- problem connecting DFS-share with winXP - successful with Vista & 7
- Authenticating against AD not working
- winbind/samba 3.0.1-1 fails to store machine account password when joining ADS
- Trouble with access permissions from W2K client to Samba 3.0.2 server
Wisdom of the Ancients
