Marcio Demetrio Bacci
2015-Dec-28 21:10 UTC
[Samba] Problems to authenticate Ubuntu 14 on Samba4
Hi, I have saw many tutorials to ingress Ubuntu 14 in the Samba4 domain, but none worked properly. I put the Ubuntu workstation in the Domain, but when I try to login, appear the following messenge: "your password will be expire in 42 days " and does not permit the authentication. How can I configure correctly Ubuntu 14 workstation to authenticate in the Samba 4 domain? Thanks Márcio Bacci
On 28/12/15 21:10, Marcio Demetrio Bacci wrote:> Hi, > > I have saw many tutorials to ingress Ubuntu 14 in the Samba4 domain, but > none worked properly. I put the Ubuntu workstation in the Domain, but when > I try to login, appear the following messenge: > > "your password will be expire in 42 days" > > and does not permit the authentication. > > How can I configure correctly Ubuntu 14 workstation to authenticate in the > Samba 4 domain? > > > Thanks > > Márcio BacciHi, you are going to have to give us more info before we can help you, smb.conf, etc/resolv.conf, /etc/krb5.conf etc Also what packages have you installed with the Samba packages. Rowland
Marcio Demetrio Bacci
2015-Dec-28 22:54 UTC
[Samba] Problems to authenticate Ubuntu 14 on Samba4
I'm using Ubuntu 14.04-64 bits
I had installed with apt-get the follows packages
krb5-user krb5-config winbind samba samba-common smbclient cifs-utils
libpam-krb5 libpam-winbind libnss-winbind
The samba version is 4.1.16-Ubuntu
Below are my files of configuration
*/etc/samba/smb.conf*
[global]
netbios name = cliente-ad192
workgroup = EMPRESA
security = ads
realm = EMPRESA.COM
password server = 192.196.40.1
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
preferred master = no
idmap config *:backend = tdb
idmap config *:range = 1000-3000
idmap config EMPRESA:backend = ad
idmap config EMPRESA:schema_mode = rfc2307
idmap config EMPRESA:range = 10000-9999999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/bash
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
username map = /etc/samba/user.map
*/etc/krb5.conf*
[libdefaults]
default_realm = EMPRESA.COM
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
EMPRESA.COM = {
kdc = DC1.EMPRESA.COM
admin_server = DC1.EMPRESA.COM
}
[domain_realm]
.empresa.com = EMPRESA.COM
empresa.com = EMPRESA.COM
[login]
krb4_convert = true
krb4_get_tickets = false
*/etc/resolv.conf*
nameserver 192.168.40.1
search empresa.com
*/etc/hosts*127.0.0.1 localhost
127.0.1.1 cliente-ad192.empresa.com cliente-ad192
192.168.40.2 cliente-ad192.empresa.com cliente-ad192
192.168.40.1 dc1.empresa.comdc1
*/etc/nsswitch.conf*
passwd:compat
group:compat
shadow:compat
hosts:files mdns4_minimal [NOTFOUND=return] dns
networks:files
protocols: db files
services:db files
ethers:db files
rpc:db files
netgroup:nis
*/etc/pam.d/common-session*
session [default=1]pam_permit.so
session requisitepam_deny.so
session requiredpam_permit.so
session optionalpam_umask.so
session optionalpam_krb5.so minimum_uid=1000
session requiredpam_unix.so
session optionalpam_winbind.so
session optionalpam_systemd.so
*/usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf *
[SeatDefaults]
user-session=ubuntu
greeter-show-manual-login=true
*/usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf *
[SeatDefaults]
allow-guest=false
greeter-show-remote-login=false
greeter-show-manual-login=true
greeter-session=unity-greeter
Thanks
2015-12-28 19:29 GMT-02:00 Rowland penny <rpenny at samba.org>:
> On 28/12/15 21:10, Marcio Demetrio Bacci wrote:
>
>> Hi,
>>
>> I have saw many tutorials to ingress Ubuntu 14 in the Samba4 domain,
but
>> none worked properly. I put the Ubuntu workstation in the Domain, but
when
>> I try to login, appear the following messenge:
>>
>> "your password will be expire in 42 days"
>>
>> and does not permit the authentication.
>>
>> How can I configure correctly Ubuntu 14 workstation to authenticate in
the
>> Samba 4 domain?
>>
>>
>> Thanks
>>
>> Márcio Bacci
>>
>
> Hi, you are going to have to give us more info before we can help you,
> smb.conf, etc/resolv.conf, /etc/krb5.conf etc
> Also what packages have you installed with the Samba packages.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
L.P.H. van Belle
2015-Dec-29 09:04 UTC
[Samba] Problems to authenticate Ubuntu 14 on Samba4
Remove from localhost. 127.0.1.1 cliente-ad192.empresa.com cliente-ad192 Reboot and try again. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marcio Demetrio > Bacci > Verzonden: maandag 28 december 2015 23:55 > Aan: Rowland penny > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] Problems to authenticate Ubuntu 14 on Samba4 > > I'm using Ubuntu 14.04-64 bits > > I had installed with apt-get the follows packages > > > krb5-user krb5-config winbind samba samba-common smbclient cifs-utils > libpam-krb5 libpam-winbind libnss-winbind > > The samba version is 4.1.16-Ubuntu > > Below are my files of configuration > > */etc/samba/smb.conf* > [global] > netbios name = cliente-ad192 > workgroup = EMPRESA > security = ads > realm = EMPRESA.COM > password server = 192.196.40.1 > encrypt passwords = yes > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > preferred master = no > idmap config *:backend = tdb > idmap config *:range = 1000-3000 > idmap config EMPRESA:backend = ad > idmap config EMPRESA:schema_mode = rfc2307 > idmap config EMPRESA:range = 10000-9999999 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = yes > template homedir = /home/%D/%U > template shell = /bin/bash > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > username map = /etc/samba/user.map > > > > */etc/krb5.conf* > [libdefaults] > default_realm = EMPRESA.COM > > # The following krb5.conf variables are only for MIT Kerberos. > krb4_config = /etc/krb.conf > krb4_realms = /etc/krb.realms > dns_lookup_realm = false > dns_lookup_kdc = false > ticket_lifetime = 24h > renew_lifetime = 7d > forwardable = true > > [realms] > EMPRESA.COM = { > kdc = DC1.EMPRESA.COM > admin_server = DC1.EMPRESA.COM > } > > [domain_realm] > .empresa.com = EMPRESA.COM > empresa.com = EMPRESA.COM > > [login] > krb4_convert = true > krb4_get_tickets = false > > > > */etc/resolv.conf* > nameserver 192.168.40.1 > search empresa.com > > > */etc/hosts*127.0.0.1 localhost > 127.0.1.1 cliente-ad192.empresa.com cliente-ad192 > 192.168.40.2 cliente-ad192.empresa.com cliente-ad192 > 192.168.40.1 dc1.empresa.comdc1 > > > */etc/nsswitch.conf* > passwd:compat > group:compat > shadow:compat > hosts:files mdns4_minimal [NOTFOUND=return] dns > networks:files > protocols: db files > services:db files > ethers:db files > rpc:db files > netgroup:nis > > > */etc/pam.d/common-session* > session [default=1]pam_permit.so > session requisitepam_deny.so > session requiredpam_permit.so > session optionalpam_umask.so > session optionalpam_krb5.so minimum_uid=1000 > session requiredpam_unix.so > session optionalpam_winbind.so > session optionalpam_systemd.so > > > */usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf * > [SeatDefaults] > user-session=ubuntu > greeter-show-manual-login=true > > > > */usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf * > [SeatDefaults] > allow-guest=false > greeter-show-remote-login=false > greeter-show-manual-login=true > greeter-session=unity-greeter > > > Thanks > > 2015-12-28 19:29 GMT-02:00 Rowland penny <rpenny at samba.org>: > > > On 28/12/15 21:10, Marcio Demetrio Bacci wrote: > > > >> Hi, > >> > >> I have saw many tutorials to ingress Ubuntu 14 in the Samba4 domain, > but > >> none worked properly. I put the Ubuntu workstation in the Domain, but > when > >> I try to login, appear the following messenge: > >> > >> "your password will be expire in 42 days" > >> > >> and does not permit the authentication. > >> > >> How can I configure correctly Ubuntu 14 workstation to authenticate in > the > >> Samba 4 domain? > >> > >> > >> Thanks > >> > >> Márcio Bacci > >> > > > > Hi, you are going to have to give us more info before we can help you, > > smb.conf, etc/resolv.conf, /etc/krb5.conf etc > > Also what packages have you installed with the Samba packages. > > > > Rowland > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba