Hi,
We're having issues accessing shares from our Samba file server.
If we try to access the share from a domain joined Windows machine, it
prompts with enter username and password. If we supply the domain password
it fails. The error that we get is the following.
Failed to find a Unix account for peteruser 'lin\aadamson' (from session
setup) not permitted to access this share (data)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
However, if we supply the pdcname\username and password it works, as per
below
[2018/03/29 20:04:07.754925, 5] auth/auth_util.c:111(make_user_info_map)
Mapping user [lin-pdc]\[aaamson] from workstation [PC-WIN-001-AR]
The server is joined to the Domain
net rpc join -U tadmin
Enter tadmin's password:
Joined domain LIN.
Here is
/etc/nsswitch.conf
#passwd: compat
#group: compat
#shadow: compat
passwd: files winbind
group: files winbind
shadow: files winbind
smb.conf
workgroup = LIN
netbios name = LINFS01
security = domain
obey pam restrictions = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
wins server = 192.168.100.23
password server = lin-pdc
[homes]
comment = our home
create mask = 0700
directory mask = 0700
browseable = No
read only = No
path = %H/samba
other shares are also defined.
What could be the issue?
Regards,
RT
Is this something that used to work but no longer does?

What are the results of "net rpc testjoin" command on the samba server?

Is the domain controller also samba?

What does "wbinfo -u" command show on the samba server? On my servers it
shows "DOMAINNAME\eachuser" but that is with "winbind trusted domains only
= No" and "winbind use default domain = No" set in smb.conf.

Does "getent passwd" show domain users?

On 04/02/18 06:21, Rob Thoman via samba wrote:
> Hi,
>
> We're having issues accessing shares from our Samba file server.
>
> If we try to access the share from a domain joined Windows machine, it
> prompts with enter username and password. If we supply the domain password
> it fails. The error that we get is the following.
> Failed to find a Unix account for peteruser 'lin\aadamson' (from session
> setup) not permitted to access this share (data)
> create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
>
> However, if we supply the pdcname\username and password it works, as per
> below
> [2018/03/29 20:04:07.754925, 5] auth/auth_util.c:111(make_user_info_map)
> Mapping user [lin-pdc]\[aaamson] from workstation [PC-WIN-001-AR]
>
> The server is joined to the Domain
>
> net rpc join -U tadmin
> Enter tadmin's password:
> Joined domain LIN.
>
> Here is
> /etc/nsswitch.conf
>
> #passwd: compat
> #group: compat
> #shadow: compat
>
> passwd: files winbind
> group: files winbind
> shadow: files winbind
>
> smb.conf
>
> workgroup = LIN
> netbios name = LINFS01
> security = domain
> obey pam restrictions = no
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> wins server = 192.168.100.23
>
> password server = lin-pdc
>
> [homes]
> comment = our home
> create mask = 0700
> directory mask = 0700
> browseable = No
> read only = No
> path = %H/samba
>
> other shares are also defined.
>
> What could be the issue?
>
> Regards,
> RT
Hi,

The setup used to work when both file and AD were in the same box. We're
trying to separate them.

The 'net rpc testjoin' gives: Join to "LIN" is ok.

The wbinfo -u does list all users with "LIN\username".

The getent passwd lists the LIN\username with all the attributes.

This is after putting in your suggestions about winbind trusted domains
only and use default domain option.

Do I need to change anything on the PDC side? nsswitch?

On Mon, Apr 2, 2018 at 9:48 PM, Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
> Is this something that used to work but no longer does?
>
> What are the results of "net rpc testjoin" command on the samba server?
>
> Is the domain controller also samba?
>
> What does "wbinfo -u" command show on the samba server? On my servers
> shows "DOMAINNAME\eachuser" but that is with "winbind trusted domains only
> = No" and "winbind use default domain = No" set in smb.conf.
>
> Does "getent passwd" shows domain users?
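
The "wbinfo -u" versus "getent passwd" comparison asked about in this thread can be scripted. This is an added example, not code from any poster or from Samba; the function names, file names and sample accounts are constructed for illustration, and the 3000-7999 range is the idmap range from the smb.conf posted above.

```shell
#!/bin/sh
# Added example: cross-check winbind's user list against what NSS resolves.
# On a real server: wbinfo -u > wb.txt ; getent passwd > pw.txt

# name_forms FILE: count names written as DOMAIN\user versus plain user.
name_forms() {
    awk 'NF { if (index($0, "\\")) q++; else p++ }
         END { printf "qualified=%d plain=%d\n", q, p }' "$1"
}

# unresolved WB_FILE PASSWD_FILE: names winbind lists that have no passwd
# entry. The case-insensitive match on the first passwd field is an
# assumption of this example.
unresolved() {
    awk -F: 'FILENAME == ARGV[1] { seen[tolower($1)] = 1; next }
             NF && !(tolower($0) in seen)' "$2" "$1"
}

# uid_out_of_range PASSWD_FILE LOW HIGH: DOMAIN\user entries whose UID lies
# outside the idmap range. Only qualified names are inspected.
uid_out_of_range() {
    awk -F: -v lo="$2" -v hi="$3" \
        'index($1, "\\") && ($3 < lo || $3 > hi) { print $1 ":" $3 }' "$1"
}

# Constructed sample data standing in for real command output.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'LIN\aadamson' 'LIN\tadmin' 'LIN\user3' > "$d/wb.txt"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'LIN\aadamson:*:3001:3000::/home/LIN/aadamson:/bin/false' \
        'LIN\tadmin:*:9001:3000::/home/LIN/tadmin:/bin/false' > "$d/pw.txt"
    echo "name forms:   $(name_forms "$d/wb.txt")"
    echo "unresolved:   $(unresolved "$d/wb.txt" "$d/pw.txt")"
    echo "out of range: $(uid_out_of_range "$d/pw.txt" 3000 7999)"
    rm -rf "$d"
}
demo
```

A name listed by winbind but missing from the passwd data is the condition behind the "Failed to find a Unix account" log line, so the unresolved list is the first thing to look at.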