On 28/09/2013 01:15, Jim Jenkins wrote:
> Hey Gang,
>
> I'm stuck near the end of installing Samba 4 on a Debian Wheezy machine.
> I'm trying to connect to a Win2k AD.
>
> Basically I can't get "getent passwd" to show domain accounts. I also
> can't access shares using my credentials. What did I forget?!
>
>
> Here is what works:
> sudo net ads join -U "DOMAINADMIN"
>
> wbinfo -g //shows domain groups!
> wbinfo -u //shows domain users!
>
> I have setup symlinks from /lib/i386-linux-gnu/libnss_winbind.so to
> /lib/i386-linux-gnu/libnss_winbind.so
If you did compile samba4, then the correct libnss_winbind.so library is
located at /usr/local/samba/lib/libnss_winbind.so.2 (cf.
http://wiki.samba.org/index.php/Samba4/Winbind#Using_libnss_winbind).
If you used the samba4 (4.0.0~beta2+dfsg1-3.2) package from the Debian
repository, then you'd better go for the compiled version. The packages
in the wheezy repository are quite old.
> smb.conf
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.COM
> server string = %h server
> security = ADS
> map to guest = Bad User
> obey pam restrictions = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
I guess most of those lines are not needed if you are using AD
authentication.
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> dns proxy = No
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind nss info = rfc2307
> idmap config SHORTDOMAINNAME:range = 500-40000
> idmap config SHORTDOMAINNAME:schema_mode = rfc2307
> idmap config SHORTDOMAINNAME:backend = ad
> idmap config *:range = 70001-80000
> idmap config * : backend = tdb
> store dos attributes = Yes
>
>
> Besides "getent passwd" failing to show domain accounts, I get this when I
> attempt to authenticate via a SMB client.
>
>
>
> [2013/09/27 19:03:28.678145, 3]
> ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
> Got user=[TestUser] domain=[DOMAIN] workstation=[BADASS] len1=24 len2=154
> .....
> .....
> [2013/09/27 19:03:28.681267, 3]
> ../source3/auth/auth.c:177(auth_check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
Samba is complaining of "unmapped user"; this should go away once libnss
is properly configured.
Cheers,
Denis
> [**DOMAIN]\[TestUser]@[BADASS]
> with the new password interface
> [2013/09/27 19:03:28.681359, 3]
> ../source3/auth/auth.c:180(auth_check_ntlm_password)
> check_ntlm_password: mapped user is: [**DOMAIN]\[**TestUser]@[BADASS]
> [2013/09/27 19:03:28.691085, 3]
> ../source3/auth/auth_util.c:1247(check_account)
> Failed to find authenticated user **DOMAIN+jjenkins via getpwnam(),
> denying access.
> [2013/09/27 19:03:28.691235, 2]
> ../source3/auth/auth.c:288(auth_check_ntlm_password)
> check_ntlm_password: Authentication for user [jjenkins] -> [**TestUser]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2013/09/27 19:03:28.691354, 3]
> ../source3/auth/auth_util.c:1593(do_map_to_guest_server_info)
> No such user jjenkins [**DOMAIN] - using guest account
>
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
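
A check for the two things libnss needs before "getent passwd" can list domain accounts, as an added example (not from this thread or from the Samba project). It assumes glibc's NSS, which reads /etc/nsswitch.conf and loads the versioned file libnss_winbind.so.2 for the "winbind" service; the function names are hypothetical.

```sh
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# nss_lists_winbind DB FILE: succeed if the "DB:" line of FILE
# (an nsswitch.conf) names the winbind service.
nss_lists_winbind() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }    # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# find_nss_winbind DIR...: print the first DIR/libnss_winbind.so.2 that
# exists. An unversioned libnss_winbind.so alone does not count, because
# glibc asks for the ".so.2" name.
find_nss_winbind() {
    for dir in "$@"; do
        if [ -e "$dir/libnss_winbind.so.2" ]; then
            printf '%s\n' "$dir/libnss_winbind.so.2"
            return 0
        fi
    done
    return 1
}

# check_winbind_nss FILE DIR...: print one line per problem found and
# return the number of problems (0 means NSS can reach winbind).
check_winbind_nss() {
    conf=$1; shift
    problems=0
    for db in passwd group; do
        if ! nss_lists_winbind "$db" "$conf"; then
            echo "MISSING: 'winbind' is not on the $db: line of $conf"
            problems=$((problems + 1))
        fi
    done
    if ! find_nss_winbind "$@" >/dev/null; then
        echo "MISSING: no libnss_winbind.so.2 in: $*"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Assumed library directories for a 32-bit Wheezy host; adjust as needed.
if [ "${1:-}" = "--live" ]; then
    check_winbind_nss /etc/nsswitch.conf /lib/i386-linux-gnu /lib
fi
```

Run it with --live on the member server; a return of 0 together with working "wbinfo -u" means the remaining cause lies elsewhere, for example in the idmap settings.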