On 02/09/13 13:12, Andrea Venturoli wrote:

There are some messages in event viewer which confirm the fact that my
samba is contacting the Windows servers for authentication (which
succeeds or fails normally).



I'm investigating further.

I did some further testing:

_ winbindd authenticates correctly against the trusted domain;

_ smbd, however, won't recognize the user and we have two cases:
a) if a user with the same name exists in the Samba domain, it will be mistakenly chosen; this is enough for browsing (smbclient -L);
b) if a user with the same name does not exist in the Samba domain, browsing will fail;

_ even in case a), no access will be granted to a share.



I searched the web and saw a lot of other people having the same or similar problem; I even found bug reports about this and got discouraged. Since this was happening on a production box and we could not stand this trouble anymore, I moved back to Samba 3.5, since



I then prepared a new box, with Samba 3.6, configured as a member of the Samba domain and continued my tests there.
A message in the logs finally opened my eyes:
[2013/02/12 18:11:16.282916,  0] passdb/lookup_sid.c:1684(get_primary_group_sid)
  Failed to find a Unix account for nagcheckUser nagcheck in passdb, but 
getpwnam() fails!

So I went in /etc/nsswitch.conf and changed
passwd: files ldap
to
passwd: files ldap winbindd

Everything started working as expected.



Now, before I try again on the production server (which is also the PDC), I'm asking for confirmation that this might have been the cause.
This was not needed under Samba 3.5; is it really needed with 3.6?
No way to avoid this, given I won't in any case have any local file owned by the trusted domain users?



 bye & Thanks
        av.
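
Added example, not part of the original post and not Samba code: a small Python check for the condition the log line points at, namely whether the passwd line in nsswitch.conf ever reaches the winbind source and whether getpwnam() resolves the account. The sample lines are constructed from the ones in the post (source name spelled as the post writes it); the function names and the `[NOTFOUND=return]` case are assumptions added for illustration.

```python
import pwd
import re
import sys

# Constructed samples: the two passwd lines from the post, plus a variant
# where an action criterion stops the search before the last source.
BEFORE = "passwd: files ldap\n"
AFTER = "passwd: files ldap winbindd\n"
SHADOWED = "passwd: files ldap [NOTFOUND=return] winbindd\n"

def passwd_sources(nsswitch_text, database="passwd"):
    """Return [(source, [criteria])] for one database, in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line.startswith(database + ":"):
            continue
        entries = []
        # Tokens are either source names or [STATUS=action ...] criteria.
        for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
            if tok.startswith("["):
                if entries:                           # criteria bind to the previous source
                    entries[-1][1].extend(tok[1:-1].lower().split())
            else:
                entries.append((tok, []))
        return entries
    return []

def source_reachable(nsswitch_text, source):
    """True if `source` is listed and no earlier notfound=return cuts the search short."""
    for name, criteria in passwd_sources(nsswitch_text):
        if name == source:
            return True
        if "notfound=return" in criteria:
            return False
    return False

def unix_account_exists(user):
    """Same question smbd asks via getpwnam(): does NSS know this user?"""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <nss-source-name> <username>
    with open("/etc/nsswitch.conf") as fh:
        conf = fh.read()
    print("source reachable:", source_reachable(conf, sys.argv[1]))
    print("getpwnam() finds user:", unix_account_exists(sys.argv[2]))
```
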