ORTEGA DOMINGUEZ, GONZALO
2014-Oct-23 11:33 UTC
[Samba] Aix 7.1 + Samba 3.60 + W2003 AD can not access shares
Hello, I have installed and configured Samba 3.6.0 joining a Windows 2003 server domain. wbinfo -u works fine but when I try to access a share I get the following error : Failed to find authenticated user via getpwnam(), denying access Aix client is connecting the DC over a VPN. This is my krb5.conf : [libdefaults] default_realm = MYDOMAIN.COM default_keytab_name = FILE:/etc/krb5/krb5.keytab clockskew = 300 [realms] MYDOMAIN.COM = { kdc = dc.mydomain.com:88 admin_server = dc.mydomain.com:749 default_domain = MYDOMAIN.COM } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [logging] kdc = FILE:/var/krb5/log/krb5kdc.log admin_server = FILE:/var/krb5/log/kadmin.log kadmin_local = FILE:/var/krb5/log/kadmin_local.log default = FILE:/var/krb5/log/krb5lib.log And this is my smb.conf : [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM server string = AIXCLINT netbios name = aixclient encrypt passwords = yes security = ads log file = /var/log/samba/log.%m dos filetime resolution = yes debug level = 99 max log size = 1000 winbinduid = 30000-40000 winbindgid = 30000-40000 winbind enum users = Yes winbind enum groups = Yes winbind separator = + winbind use default domain = yes read only = No lock directory = /var/locks/samba password server = dc.mydomain.com panic action = "/usr/bin/sleep 90000" socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 bind interfaces only = Yes interfaces = en1 use sendfile = Yes show add printer wizard = No [TMP] comment = TMP path = /tmp/MYUSER valid users = "MYDOMAIN+MYUSER" the same configuration on an AIX 5.3 client in the LAN works fine. I have unjoined and joined to the domain with many changes in Kerberos and smb.conf but no success.
Rowland Penny
2014-Oct-23 12:07 UTC
[Samba] Aix 7.1 + Samba 3.60 + W2003 AD can not access shares
On 23/10/14 12:33, ORTEGA DOMINGUEZ, GONZALO wrote:> Hello, > > > > I have installed and configured Samba 3.6.0 joining a Windows 2003 > server domain. > > wbinfo -u works fine but when I try to access a share I get the > following error : > > > > Failed to find authenticated user via getpwnam(), denying access > > > > Aix client is connecting the DC over a VPN. > > > > This is my krb5.conf : > > > > > > [libdefaults] > > default_realm = MYDOMAIN.COM > > default_keytab_name = FILE:/etc/krb5/krb5.keytab > > clockskew = 300 > > > > [realms] > > MYDOMAIN.COM = { > > kdc = dc.mydomain.com:88 > > admin_server = dc.mydomain.com:749 > > default_domain = MYDOMAIN.COM > > } > > > > [domain_realm] > > .mydomain.com = MYDOMAIN.COM > > mydomain.com = MYDOMAIN.COM > > > > [logging] > > kdc = FILE:/var/krb5/log/krb5kdc.log > > admin_server = FILE:/var/krb5/log/kadmin.log > > kadmin_local = FILE:/var/krb5/log/kadmin_local.log > > default = FILE:/var/krb5/log/krb5lib.log > > > > And this is my smb.conf : > > > > [global] > > workgroup = MYDOMAIN > > realm = MYDOMAIN.COM > > server string = AIXCLINT > > netbios name = aixclient > > encrypt passwords = yes > > security = ads > > log file = /var/log/samba/log.%m > > dos filetime resolution = yes > > debug level = 99 > > max log size = 1000 > > winbinduid = 30000-40000 > > winbindgid = 30000-40000Just where did you get the above two lines from ? you need something like this: idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config EXAMPLE : backend = ad idmap config EXAMPLE : range = 10000-999999 idmap config EXAMPLE : schema_mode = rfc2307 Rowland> > winbind enum users = Yes > > winbind enum groups = Yes > > winbind separator = + > > winbind use default domain = yes > > read only = No > > lock directory = /var/locks/samba > > password server = dc.mydomain.com > > panic action = "/usr/bin/sleep 90000" > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > bind interfaces only = Yes > > interfaces = en1 > > use sendfile = Yes > > show add printer wizard = No > > > > [TMP] > > comment = TMP > > path = /tmp/MYUSER > > valid users = "MYDOMAIN+MYUSER" > > > > the same configuration on an AIX 5.3 client in the LAN works fine. > > I have unjoined and joined to the domain with many changes in Kerberos > and smb.conf but no success. > > > > > > > > > > > > >
Reasonably Related Threads
- my first samba set-up gives me a headache
- [PATCH server] update host-browser to use ipa commands rather than kadmin
- [PATCH server] Added support for remote logging with rsyslog-gssapi to server.
- snv 77 W2003 domu loses config on reboot/shutdown
- How to properly demote a W2003 from Samba4?