thr3ads.net - samba - [Samba] Samba 3.2.4, Win 2008 AD require domain name for auth. [Aug 2009]

If this information is useful, please help other people find it:
Share via:

Russ Ward

2009-Aug-21 14:53 UTC

[Samba] Samba 3.2.4, Win 2008 AD require domain name for auth.

I'm hoping someone has seen this before and knows how to resolve it.

I am using samba 3.2.4 with a Windows 2008 AD.  Samba is configured with
security = ADS and works correctly from computers logged into the domain,
but does not allow users that are not in the domain to login by specifying
their username, without domain included, when trying to access a share.  The
user can access the share when they specify DOMAINNAME\USERNAME.

I have tried using a user map and user map script, but neither one seem to
resolve this issue.

Does anyone know how to make samba add the DOMAINNAME to the username before
passing it to the domain controller?

Thanks
-Russ

Details:

This system is running solaris 10, which has an underlying nis providing
user information.

Smb.conf global section:
  [global]
   workgroup = DOMAINNAME
   netbios name = servername
   netbios aliases = servername2
   server string = TEST Samba Server
   os level = 0
   domain master = no
   local master = no
   realm = FQDNINCAPS
   security = ADS
   encrypt passwords = Yes
   restrict anonymous = 2

krb5.conf:
  [libdefaults]
          default_realm = FQDNINCAPS

  [realms]
          FQDNINCAPS = {
          kdc = domaincontroller
          }

  [domain_realms]
          .kerberos.server = FQDNINCAPS

Software versions:
  openssl 0.9.8k
  krb5 1.7, MIT
  openldap 2.4.16
  samba 3.2.4

-- 
+------------------------------------------------------------------------------
|  Russ Ward
+------------------------------------------------------------------------------

Wolfgang Riedmann

2009-Aug-21 15:09 UTC

head link

[Samba] Samba 3.2.4, Win 2008 AD require domain name for auth.

Hi Russ,
> I'm hoping someone has seen this before and knows how to resolve it.
I had the same problems, but haven't found any solution. As workaround I
have modified my
login scripts (with kixtart) to include the domain in the username.

Unfortunately this issue is present since version 3.2.x, with 3.0.x it worked.

Wolfgang


-- 
-- Wolfgang Riedmann
-- Individuelle EDV-L?sungen - Soluzioni informatiche personalizzate
-- I-39012 Meran, Postgranz 16b
-- Telefon +39 0473 201 239
-- http://www.riedmann.it - wolfgang at riedmann.it

Maybe Matching Threads

Search for more seemingly similar threads

samba - Aug 2009 - Samba 3.2.4, Win 2008 AD require domain name for auth.

[Samba] Samba 3.2.4, Win 2008 AD require domain name for auth.

[Samba] Samba 3.2.4, Win 2008 AD require domain name for auth.

Maybe Matching Threads