Hi Gianluca Thanks a lot for your response!
spnego: *From the Official Samba-3 HOWTO (Section 6.6.3, page 80): * "Windows 2003 requires SMB signing. Client-side SMB signing has been implemented in Samba 3.0. Set client use spnego = yes when communicating with a Windows 2003 server." AD is 2003 I map now groups AND users. --> It still does not work... any idea? On 5/10/07, Gianluca Culot <[EMAIL PROTECTED]> wrote:
> -----Messaggio originale----- > Da: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > conto di Urs Golla > Inviato: giovedì 10 maggio 2007 10.04 > A: samba@lists.samba.org > Oggetto: Re: R: [Samba] security = ads --> invalide user > > > Hi > > Still the same problem... > > I think the connection to the domain is ok. because if i use a > non existent > user, the log says: "FAILED with error NT_STATUS_NO_SUCH_USER" > > If I use a wrong password is gives me also a different error message. > > cheers > > On 5/10/07, Gianluca Culot <[EMAIL PROTECTED]> wrote: > > > > > > > -----Messaggio originale----- > > > Da: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] > > > conto di Urs Golla > > > Inviato: giovedì 10 maggio 2007 9.44 > > > A: samba@lists.samba.org > > > Oggetto: [Samba] security = ads --> invalide user > > > > > > > > > Hello > > > > > > I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d . > > > "net ads join" was successful and the machine is now visible in the > > Domain > > > with the netbios name. > > > > > > When I try to access the shares on the machine the log.smbd > files says: > > > > > > (...) > > > [2007/05/10 08:58:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) > > > Username MYDOMAIN/MYUSERNAME is invalid on this system > > > [2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146) > > > error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX) > > > NT_STATUS_LOGON_FAILURE > > > (...) > > > > > > > > > ****************************************************** > > > smb.conf: > > > > > > [global] > > > winbind separator = / > > > netbios name = MYNETBIOSNAME > > > winbind enum users = yes > > > workgroup = MYDOMAIN > > > winbind enum groups = yes > > > #password server = * > > > password server = MYPASSWORDSERVER > > > encrypt passwords = yes > > > dns proxy = no > > > realm = MYREALM > > > security = ADS > > > wins proxy = no > > > winbind use default domain = Yes > > > client use spnego = yes > > > #idmap uid = 10000-20000 > > > #winbind gid = 10000-20000 > > > preferred master = no > > > log level = 3 > > > wins server = x.x.x.x > > > #auth methods = guest sam winbind > > > #idmap uid = 10000-20000 > > > idmap gid = 10000-20000 > > > > > > > > > [testsamba] > > > comment = Samba testfolder > > > path = /testsamba > > > read only = no > > > valid users = MYDOMAIN/USERNAME > > > > > > ****************************************************** > > > > > > I also maped the domain groups with "net groupmap" > > > > > > # ./net groupmap list > > > Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) -> > > > domainusers > > > Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997) > -> nobody > > > Administrators (S-1-5-32-544) -> 5000 > > > mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> mygroup > > > Users (S-1-5-32-545) -> 5001 > > > > > > --> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup > > > **************************************************************** > > > > > > Why does it say "invalide user"? I think I should also be able to > > > browse the > > > shares without a valid user... > > > > > > any help is much appreciated!!! > > > > > > Regards > > > Urs > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > > I would check > > winbind separator = / > > > > to my knowlegde it should be > > winbind separator = \ > > > > or could be commented as its default is \ > > > > I've setup a samba 3.0.24,1 on freebsd with ads against a Windows2003 > > Server > > and I did not specified Winbind Separator > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > Why did you mapped only GROUPS idmap gid = 10000-20000 and NOT users ? #idmap uid = 10000-20000 why have you set client use spnego = yes what AD server are you connecting to ? Here is my copy of smb.conf have a look, and check differences... My only problem at the moment is that LS (list file) comand doesn't show me AD users and group names, but only IDs. not a Problem, but makes server management extremely dificult to not Pro people. [global] workgroup = MYDOMAIN realm = MYDOMAIN.IT server string = mail security = ADS password server = server.MYDOMAIN.it passdb backend = tdbsam log file = /var/log/samba/log.%m add user script = /usr/sbin/pw useradd %u delete user script = /usr/sbin/pw userdel %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/pw groupdel %g preferred master = No idmap uid = 10000-49999 idmap gid = 10000-49999 template homedir = /home/%U template shell = /bin/csh winbind cache time = 3600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config DMSWARE:range = 10000 - 49999 idmap config DMSWARE:base_rid = 1000 idmap config DMSWARE:backend = ad
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba