Hi!
I have a problem with a Samba share in a Windows 2003 AD domain. I am 
setting up a machine with Ubuntu 14.04 and Samba 4.1.6 in the AD and I 
want to create a Samba share, but I need to use the format user at fqdn to 
mount the share on Windows 7, and I get a no_such_user error.
Is it possible to use this format?
If I use the format DOMAIN\user it works perfectly. Can I change the 
behavior?
My smb.conf:
[global]
    workgroup = REALM
    security = domain
    realm = FQDN
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/%m.log
    idmap config *:backend = rid
    idmap config *:range = 5000-100000
    winbind allow trusted domains = yes
    winbind trusted domains only = no
    winbind use default domain = no
    winbind enum users  = yes
    winbind enum groups = yes
    winbind refresh tickets = yes
    template shell = /bin/bash
    winbind nested groups = yes
[smbserver]
    comment = smbserver
    path = /opt/smbserver
    browseable = yes
    guest ok = yes
    read only = no
    valid users = @"domain users at fqdn"
And my error in /var/samba/auth/IP.log:
[2015/06/15 18:07:25.091446,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[user at fqdn]@[PCSOURCE] with the new password interface
[2015/06/15 18:07:25.091482,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [PCTARGET]\[user at fqdn]@[PCSOURCE]
[2015/06/15 18:07:25.091568,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'user at fqdn' in passdb.
[2015/06/15 18:07:25.091610,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [PCTARGET] was for this SAM.
[2015/06/15 18:07:25.091642,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [user at fqdn] -> [user at fqdn] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/06/15 18:07:25.091687,  2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2015/06/15 18:07:25.092851,  3] ../source3/smbd/server_exit.c:212(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)
But, if I use DOMAIN\user:
[2015/06/15 18:12:38.262123,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\[user]@[PCSOURCE] with the new password interface
[2015/06/15 18:12:38.262199,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [DOMAIN]\[user]@[PCSOURCE]
[2015/06/15 18:12:38.372607,  3] ../source3/auth/auth.c:226(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [user] succeeded
[2015/06/15 18:12:38.372708,  2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [user] -> [user] -> [DOMAIN\user] succeeded
[2015/06/15 18:12:38.372774,  3] ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2015/06/15 18:12:38.372811,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe2088215
[2015/06/15 18:12:38.375181,  3] ../source3/groupdb/mapping.c:830(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2015/06/15 18:12:38.375250,  2] ../source3/auth/token_util.c:456(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Administrators group! Can Winbind allocate gids?
[2015/06/15 18:12:38.376633,  3] ../source3/groupdb/mapping.c:830(pdb_create_builtin_alias)
  pdb_create_builtin_alias: Could not get a gid out of winbind
[2015/06/15 18:12:38.376700,  2] ../source3/auth/token_util.c:480(finalize_local_nt_token)
  WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2015/06/15 18:12:38.377999,  3] ../source3/smbd/password.c:144(register_homes_share)
  Adding homes service for user 'DOMAIN\user' using home directory: '/home/DOMAIN/user'
Something to investigate?
Thank you all in advance
You don't seem to have set up samba correctly, have a look here:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
Rowland
Thanks! I have reviewed my configuration and now it works with the 
following config:
[global]
    netbios name = PCSERVER
    workgroup = REALM
    security = ADS
    realm = FQDN
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    encrypt passwords = yes
    log level = 3
    log file = /var/log/samba/%m.log
    idmap config *:backend = tdb
    idmap config *:range = 2000-100000
    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = no
    winbind enum users  = yes
    winbind enum groups = yes
    winbind refresh tickets = yes
    map untrusted to domain = yes
On 15/06/15 at 18:43, Rowland Penny wrote:
> On 15/06/15 17:17, Javier Mart? wrote:
>
> You don't seem to have set up samba correctly, have a look here:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> Rowland
>
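
An added example, not part of the thread or of Samba's own tooling: it groups the level-3 auth log lines quoted in the first message into login attempts and flags the pattern the failing log shows, where a login arriving with an empty client domain is mapped to the server's own name and checked only against the local SAM. The sample log is constructed from the thread's lines, and the function and field names are assumptions.

```python
import re

# Constructed sample: the thread's auth log lines, rejoined onto single lines.
SAMPLE_LOG = r"""
[2015/06/15 18:07:25.091446,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[user at fqdn]@[PCSOURCE] with the new password interface
[2015/06/15 18:07:25.091482,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [PCTARGET]\[user at fqdn]@[PCSOURCE]
[2015/06/15 18:07:25.091610,  3] ../source3/auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [PCTARGET] was for this SAM.
[2015/06/15 18:07:25.091642,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [user at fqdn] -> [user at fqdn] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/06/15 18:12:38.262123,  3] ../source3/auth/auth.c:177(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\[user]@[PCSOURCE] with the new password interface
[2015/06/15 18:12:38.262199,  3] ../source3/auth/auth.c:180(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [DOMAIN]\[user]@[PCSOURCE]
[2015/06/15 18:12:38.372708,  2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [user] -> [user] -> [DOMAIN\user] succeeded
"""

UNMAPPED = re.compile(r"unmapped user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\]")
MAPPED = re.compile(r"mapped user is: \[(.*?)\]\\")
LOCAL_SAM = re.compile(r"Not using winbind, requested domain \[.*?\] was for this SAM")
RESULT = re.compile(r"FAILED with error (NT_STATUS_\w+)|\] succeeded\s*$")

def parse_attempts(log_text):
    """Group auth log lines into one dict per login attempt."""
    attempts = []
    for line in log_text.splitlines():
        if (m := UNMAPPED.search(line)):
            attempts.append({"client_domain": m.group(1), "user": m.group(2),
                             "mapped_domain": None, "local_sam": False, "status": None})
        elif not attempts:
            continue  # nothing to attach to before the first attempt starts
        elif (m := MAPPED.search(line)):
            attempts[-1]["mapped_domain"] = m.group(1)
        elif LOCAL_SAM.search(line):
            attempts[-1]["local_sam"] = True
        elif (m := RESULT.search(line)):
            attempts[-1]["status"] = m.group(1) or "OK"  # group 1 is unset on success
    return attempts

def diagnose(attempt):
    """Flag a failed login whose empty client domain was mapped to the local SAM."""
    if attempt["status"] == "OK":
        return "ok"
    if attempt["client_domain"] == "" and attempt["local_sam"]:
        return "domain-less login checked against local SAM %s only" % attempt["mapped_domain"]
    return "failed: %s" % attempt["status"]
```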