On 12/07/15 15:42, Marcio Demetrio Bacci wrote:> I have setup samba 4 as File Server Member Server, But when the users, even
> logged in the domain, click on the share, a box appears asking for
> authentication and the authentication failure.
>
> The member server is in the domain, it see the users and groups (wbinfo –u
> and wbinfo –g), the Kerberos show ticket (klist) for administrator user
> I use Debian 7.2 – 64 bits, on Citrix XenServer with the Samba 4.2.2
> compiled
>
> All the configurations seem OK.
>
>
> this is my smb.conf:
>
> [global]
> netbios name = arquivos
> workgroup = MEUDOMINIO
> security = ADS
> realm = MEUDOMINIO
> encrypt passwords = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config MEUDOMINIO:backend = ad
> idmap config MEUDOMINIO:schema_mode = rfc2307
> idmap config MEUDOMINIO:range = 3000000-4000000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> username map = /etc/samba/user.map
>
>
> [Arquivos]
> path = /Compartilhamentos/Arquivos
> read only = no
>
>
> Does somebody have an idea?
Two things spring to mind. First is 'MEUDOMINIO' really the domain dns
name ? your realm & domains should be different i.e. if your AD dns
domain is ad.domain.com , your WORKGROUP would be 'AD' and your realm
would be 'AD.DOMAIN.COM'.
Secondly, have you given your users a uidNumber inside the range you
have set in smb.conf ? have you given Domain Users a gidNumber, again
inside the range you set.
Rowland