Alnis Morics
2017-Feb-06 15:09 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
On 02/06/2017 16:36, Rowland Penny via samba wrote:> On Mon, 6 Feb 2017 16:16:28 +0200 > Alnis Morics via samba <samba at lists.samba.org> wrote: > >> >> >> On 02/06/2017 15:43, Rowland Penny via samba wrote: >>> On Mon, 6 Feb 2017 14:47:21 +0200 >>> Alnis Morics via samba <samba at lists.samba.org> wrote: >>> >>>> I see. But I don't necessarily need homedirs and hence PAM >>>> configured just to log in from Windows and access a file share >>>> from there, do I? Or even just to log in on Windows to the domain. >>>> >>>> Alnis >>>> >>> >>> If you only have windows users and they will never actually log into >>> the Samba AD DC, then you don't need user homedirs on the DC. >>> >>> Rowland >>> >>> >> >> That's my main problem for now: single sign-on doesn't work. The >> Windows machine is joined the domain. Domain Administrator can log in >> with this Windows machine, and other users that I created with >> samba-tool, can not. Can you suggest a way of how to trace what's >> going on? >> >> Alnis >> > > Not sure I understand what you are saying, do you want your users to > connect to shares on the DC, or are you saying that your users cannot > log into a windows PC joined to the domain ? > > Rowland >My (domain) users cannot log into a Windows PC joined to the domain. I created those users with samba-tool. Only the domain Administrator can log into this Windows PC. Alnis
Rowland Penny
2017-Feb-06 16:07 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
On Mon, 6 Feb 2017 17:09:27 +0200 Alnis Morics via samba <samba at lists.samba.org> wrote:> > On 02/06/2017 16:36, Rowland Penny via samba wrote: > > On Mon, 6 Feb 2017 16:16:28 +0200 > > Alnis Morics via samba <samba at lists.samba.org> wrote: > > > >> > >> > >> On 02/06/2017 15:43, Rowland Penny via samba wrote: > >>> On Mon, 6 Feb 2017 14:47:21 +0200 > >>> Alnis Morics via samba <samba at lists.samba.org> wrote: > >>> > >>>> I see. But I don't necessarily need homedirs and hence PAM > >>>> configured just to log in from Windows and access a file share > >>>> from there, do I? Or even just to log in on Windows to the > >>>> domain. > >>>> > >>>> Alnis > >>>> > >>> > >>> If you only have windows users and they will never actually log > >>> into the Samba AD DC, then you don't need user homedirs on the DC. > >>> > >>> Rowland > >>> > >>> > >> > >> That's my main problem for now: single sign-on doesn't work. The > >> Windows machine is joined the domain. Domain Administrator can log > >> in with this Windows machine, and other users that I created with > >> samba-tool, can not. Can you suggest a way of how to trace what's > >> going on? > >> > >> Alnis > >> > > > > Not sure I understand what you are saying, do you want your users to > > connect to shares on the DC, or are you saying that your users > > cannot log into a windows PC joined to the domain ? > > > > Rowland > > > My (domain) users cannot log into a Windows PC joined to the domain. > > I created those users with samba-tool. Only the domain Administrator > can log into this Windows PC. > > Alnis >I seem to remember something about freebsd, what filesystem are you using and what were your ./config optiond when you built Samba ? Rowland
Alnis Morics
2017-Feb-06 17:03 UTC
[Samba] Regular users can't log in to Samba AD DC from Windows
On 02/06/2017 18:07, Rowland Penny via samba wrote:> On Mon, 6 Feb 2017 17:09:27 +0200 > Alnis Morics via samba <samba at lists.samba.org> wrote: > >> >> On 02/06/2017 16:36, Rowland Penny via samba wrote: >>> On Mon, 6 Feb 2017 16:16:28 +0200 >>> Alnis Morics via samba <samba at lists.samba.org> wrote: >>> >>>> >>>> >>>> On 02/06/2017 15:43, Rowland Penny via samba wrote: >>>>> On Mon, 6 Feb 2017 14:47:21 +0200 >>>>> Alnis Morics via samba <samba at lists.samba.org> wrote: >>>>> >>>>>> I see. But I don't necessarily need homedirs and hence PAM >>>>>> configured just to log in from Windows and access a file share >>>>>> from there, do I? Or even just to log in on Windows to the >>>>>> domain. >>>>>> >>>>>> Alnis >>>>>> >>>>> >>>>> If you only have windows users and they will never actually log >>>>> into the Samba AD DC, then you don't need user homedirs on the DC. >>>>> >>>>> Rowland >>>>> >>>>> >>>> >>>> That's my main problem for now: single sign-on doesn't work. The >>>> Windows machine is joined the domain. Domain Administrator can log >>>> in with this Windows machine, and other users that I created with >>>> samba-tool, can not. Can you suggest a way of how to trace what's >>>> going on? >>>> >>>> Alnis >>>> >>> >>> Not sure I understand what you are saying, do you want your users to >>> connect to shares on the DC, or are you saying that your users >>> cannot log into a windows PC joined to the domain ? >>> >>> Rowland >>> >> My (domain) users cannot log into a Windows PC joined to the domain. >> >> I created those users with samba-tool. Only the domain Administrator >> can log into this Windows PC. >> >> Alnis >> > > I seem to remember something about freebsd, what filesystem are you > using and what were your ./config optiond when you built Samba ? > > Rowland >My filesystem is UFS (v.2), I enabled ACLs with: tunefs -a enable <filesystem-device> and placed the "rw,acls" options into fstab, although the "mount" showed they are enabled even without that option in fstab. Extended File Attributes are supported. ./configure options were "--without-systemd --man-dir=/usr/local/man" Rowland, we were probably writing simultaneously, and you didn't notice I wrote that I finally managed to log in with that user1. Either passwords were messed up while I experimented with them (samba-tool user password/setpassword) or firewall was in the way, or both. Thanks for helping, Alnis
Seemingly Similar Threads
- Regular users can't log in to Samba AD DC from Windows
- Regular users can't log in to Samba AD DC from Windows
- Regular users can't log in to Samba AD DC from Windows
- Regular users can't log in to Samba AD DC from Windows
- Regular users can't log in to Samba AD DC from Windows