Andersson Fredrik
2009-Sep-03 11:52 UTC
[Samba] AD integration and machine account access to shares
Dear all,

I'm facing a weird problem that I can't seem to find any information about. I have joined a machine running Samba 3.2 to an Active Directory environment (security = ads). Even though user and group access works perfectly, when I try to access with a machine account, it fails to map it.

"libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[SERVERNAME] len1=1 len2=0"

is the only thing I get in the log, after which it falls back to anonymous log-on and maps to guest. I find this odd, seeing as Winbind has no issues retrieving info about machine accounts and their group memberships.

I would greatly appreciate any pointers here, as I've not been able to find anything in the documentation or on various forums.

Thanks & Regards,
Fredrik

Relevant info from smb.conf:

[global]
workgroup = AD1
security = ADS
server string = LINUXBOX
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768
os level = 32
preferred master = Yes
dns proxy = No
config file = /etc/config/smb.conf
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
#enable asu support = no
force unknown acl user = yes
log level = 10
log file = /usr/local/samba/lib/log.%m
include = /usr/local/samba/lib/smb.conf.%m
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
dos charset = UTF8
force directory security mode = 0000
template shell = /bin/sh
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/
delete veto files = yes
map archive = yes
map system = yes
map hidden = yes
map read only = yes
deadtime = 10
ldap suffix = dc=AD1,dc=DOMAIN,dc=COM
use sendfile = yes
case sensitive = auto
display charset = UTF8
unix extensions = no
wins support = no
realm = ad1.domain.com
password server = adserver. ad1.domain.com
pam password change = yes
winbind separator = +
idmap uid = 30001-300000
idmap gid = 30001-300000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 3600
winbind use default domain = Yes
winbind nested groups = Yes
obey pam restrictions = yes
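An added example, not part of the original post and not Samba code: a small parser that finds the `ntlmssp_server_auth` debug line quoted above in an smbd log and counts, per workstation, the logons that arrived with no user name. It assumes `len1` and `len2` are the LM and NT response lengths, so an empty user with `len1<=1` and `len2=0` is an anonymous NTLMSSP logon; all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Matches the debug line emitted by ntlmssp_server_auth, as quoted in the post.
AUTH_RE = re.compile(
    r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\] "
    r"workstation=\[(?P<ws>[^\]]*)\] len1=(?P<len1>\d+) len2=(?P<len2>\d+)"
)

def parse_auth(line):
    """Return the fields of one auth debug line, or None if it is another line."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    return {"user": m["user"], "domain": m["domain"], "workstation": m["ws"],
            "lm_len": int(m["len1"]), "nt_len": int(m["len2"])}

def is_anonymous(rec):
    # Assumption: anonymous logon = empty user name, empty NT response,
    # and an LM response of at most one byte.
    return rec["user"] == "" and rec["nt_len"] == 0 and rec["lm_len"] <= 1

def anonymous_by_workstation(lines):
    """Count anonymous NTLMSSP logons per client workstation name."""
    counts = Counter()
    for line in lines:
        rec = parse_auth(line)
        if rec and is_anonymous(rec):
            counts[rec["workstation"]] += 1
    return counts

# First line is the one from the post; the rest are constructed for the example.
SAMPLE_LOG = [
    "libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[SERVERNAME] len1=1 len2=0",
    "libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[alice] domain=[AD1] workstation=[WS01] len1=24 len2=24",
    "smbd/service.c:make_connection_snum(1190) ws02 connect to service share",
    "libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[SERVERNAME] len1=1 len2=0",
    "libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[WS02] len1=0 len2=0",
]

if __name__ == "__main__":
    for ws, n in anonymous_by_workstation(SAMPLE_LOG).items():
        print(f"{ws}: {n} anonymous NTLMSSP logon(s)")
```

With `map to guest = Bad User` set as in the configuration above, the workstations this reports are the ones whose sessions end up on the guest account.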