Alnis Morics
2017-Feb-06 14:16 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
On 02/06/2017 15:43, Rowland Penny via samba wrote:> On Mon, 6 Feb 2017 14:47:21 +0200 > Alnis Morics via samba <samba at lists.samba.org> wrote: > >> I see. But I don't necessarily need homedirs and hence PAM configured >> just to log in from Windows and access a file share from there, do I? >> Or even just to log in on Windows to the domain. >> >> Alnis >> > > If you only have windows users and they will never actually log into > the Samba AD DC, then you don't need user homedirs on the DC. > > Rowland > >That's my main problem for now: single sign-on doesn't work. The Windows machine is joined the domain. Domain Administrator can log in with this Windows machine, and other users that I created with samba-tool, can not. Can you suggest a way of how to trace what's going on? Alnis
Rowland Penny
2017-Feb-06 14:36 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
On Mon, 6 Feb 2017 16:16:28 +0200 Alnis Morics via samba <samba at lists.samba.org> wrote:> > > On 02/06/2017 15:43, Rowland Penny via samba wrote: > > On Mon, 6 Feb 2017 14:47:21 +0200 > > Alnis Morics via samba <samba at lists.samba.org> wrote: > > > >> I see. But I don't necessarily need homedirs and hence PAM > >> configured just to log in from Windows and access a file share > >> from there, do I? Or even just to log in on Windows to the domain. > >> > >> Alnis > >> > > > > If you only have windows users and they will never actually log into > > the Samba AD DC, then you don't need user homedirs on the DC. > > > > Rowland > > > > > > That's my main problem for now: single sign-on doesn't work. The > Windows machine is joined the domain. Domain Administrator can log in > with this Windows machine, and other users that I created with > samba-tool, can not. Can you suggest a way of how to trace what's > going on? > > Alnis >Not sure I understand what you are saying, do you want your users to connect to shares on the DC, or are you saying that your users cannot log into a windows PC joined to the domain ? Rowland
Alnis Morics
2017-Feb-06 15:09 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
On 02/06/2017 16:36, Rowland Penny via samba wrote:> On Mon, 6 Feb 2017 16:16:28 +0200 > Alnis Morics via samba <samba at lists.samba.org> wrote: > >> >> >> On 02/06/2017 15:43, Rowland Penny via samba wrote: >>> On Mon, 6 Feb 2017 14:47:21 +0200 >>> Alnis Morics via samba <samba at lists.samba.org> wrote: >>> >>>> I see. But I don't necessarily need homedirs and hence PAM >>>> configured just to log in from Windows and access a file share >>>> from there, do I? Or even just to log in on Windows to the domain. >>>> >>>> Alnis >>>> >>> >>> If you only have windows users and they will never actually log into >>> the Samba AD DC, then you don't need user homedirs on the DC. >>> >>> Rowland >>> >>> >> >> That's my main problem for now: single sign-on doesn't work. The >> Windows machine is joined the domain. Domain Administrator can log in >> with this Windows machine, and other users that I created with >> samba-tool, can not. Can you suggest a way of how to trace what's >> going on? >> >> Alnis >> > > Not sure I understand what you are saying, do you want your users to > connect to shares on the DC, or are you saying that your users cannot > log into a windows PC joined to the domain ? > > Rowland >My (domain) users cannot log into a Windows PC joined to the domain. I created those users with samba-tool. Only the domain Administrator can log into this Windows PC. Alnis
Alnis Morics
2017-Feb-06 16:03 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
>>> That's my main problem for now: single sign-on doesn't work. The>>> Windows machine is joined the domain. Domain Administrator can log in >>> with this Windows machine, and other users that I created with >>> samba-tool, can not. Can you suggest a way of how to trace what's >>> going on? >>> >>> Alnis >>> >> >> Not sure I understand what you are saying, do you want your users to >> connect to shares on the DC, or are you saying that your users cannot >> log into a windows PC joined to the domain ? >> >> Rowland >> >My (domain) users cannot log into a Windows PC joined to the domain. > >I created those users with samba-tool. Only the domain Administrator can log into this Windows PC. > >Alnis Oh, sorry, my PF firewall was on with incompatible rules, plus I've been experimenting with passwords and messed them up. As I turned PF off and reset the user1's password, I could log in with the PC. Now I will have to find out why ADUC doesn't add users to the domain. Thank you, Rowland, for helping. Alnis