Re: [Samba] users map with ADS not working

2012-10-12 Thread Nitin Thakur

Hi 

Found something more which is interesting: -

nbtstat -A on ip TST-SMB-UAT works fine, but fails for TST-SMB-DEV. Is there 
any specific samba option which I am missing or something on wins servers which 
is giving me grief?

thanks

Nitin

> From: nitintha...@hotmail.com
> To: samba@lists.samba.org
> Date: Thu, 11 Oct 2012 21:52:48 -0400
> Subject: Re: [Samba] users map with ADS not working
> 
> 
> Hi All,
> 
> I have an update. I did snoop the network and found, when I use IP to connect 
> to the share, samba server sends packets to Windows AD. If I try to connect 
> using hostname, samba server does not make any attempts to connect to Windows 
> AD. 
> 
> It looks more like problem on the smb.conf side. If somebody has experienced 
> this problem in past then please help.
> 
> (PS: I am using MIT Kerberos + Open LDAP and Samba - all current versions.)
> 
> Thanks
> 
> Nitin
> 
> > From: nitintha...@hotmail.com
> > To: samba@lists.samba.org
> > Date: Wed, 10 Oct 2012 23:14:47 -0400
> > Subject: [Samba] users map with ADS not working
> > 
> > 
> > Hi All
> > 
> > I am running two instances of samba on same box. One instance of samba has 
> > joined AD domain ABC and the other 123. My workstation is on ABC domain and 
> > when I try to connect to samba server on ABC domain, it asks me for user 
> > name and password and then fails. If I put IP address instead it works. At 
> > the same time, when I try to connect to 123 domain, it asks me for user 
> > name and password and authenticates me without any problem. I set the debug 
> > level to 9 on both the instances. I am not running winbind - please don't 
> > ask me why. The strange problem is when a user who has same unix and 
> > windows account in ABC domain, when he tries to log into the samba server 
> > which is on ABC domain, it works with hostname whereas folks who have 
> > different accounts on windows and unix, it doesn't work for them with 
> > hostname but with IP.
> > 
> > The Global section of both the instances is similar, here is the global 
> > section of samba server which is binding to ABC domain: -
> > 
> > #=== Global Settings =
> > [global]
> > 
> > socket options = TCP_NODELAY IPTOS_LOWDELAY
> > netbios name = TST-SMB-DEV
> > workgroup = ABC
> > server string = tst-smb-dev Server ver %v
> > security = ADS
> > log file = /opt/local/samba-3.6.7/dev/logs/log.%m
> > max log size = 50
> > password server =  AD1.ABC.com AD2.ABC.com
> > encrypt passwords = yes
> > realm = ABC.COM
> > local master = no
> > domain master = no
> > domain logons = no
> > dns proxy = no
> > smb passwd file = /opt/local/samba-3.6.7/dev/private
> > private dir = /opt/local/samba-3.6.7/dev/private
> > username map = /opt/local/samba-3.6.7/dev/users.map
> > pid directory = /opt/local/samba-3.6.7/dev
> > bind interfaces only = yes
> > wins support = no
> > domain master = no
> > locking = yes
> > lock directory = /opt/local/samba-3.6.7/dev/var/locks
> > preserve case = yes
> > short preserve case = yes
> > load printers = no
> > printcap name = /dev/null
> > deadtime = 15
> > preferred master = no
> > guest account = nobody
> > guest ok = no
> > syslog = 0
> > interfaces = 10.20.20.3
> > socket address = 10.20.20.3
> > kerberos method = system keytab
> > log level = 9
> > 
> > 
> > Here are the logs when user whose mapping is defined in users.map tries to 
> > log into samba instance which is binding to ABC domain
> > 
> > [2012/10/10 15:07:11.896408,  3] libads/authdata.c:332(decode_pac_data)
> >   Found account name from PAC: foo [Foo Bar]
> > [2012/10/10 15:07:11.896530,  3] auth/user_krb5.c:50(get_user_from_kerberos_info)
> >   Kerberos ticket principal name is [f...@abc.com]
> > [2012/10/10 15:07:11.896611,  4] auth/user_util.c:361(map_username)
> >   Scanning username map /opt/local/samba-3.6.7/dev/users.map
> > [2012/10/10 15:07:11.896665,  3] auth/user_util.c:402(map_username)
> >   Mapped user ABC\foo to bar
> > [2012/10/10 15:07:11.896725,  5] lib/username.c:171(Get_Pwnam_alloc)
> >   Finding user bar
> > [2012/10/10 15:07:11.896758,  5] lib/username.c:116(Get_Pwnam_internals)
> >   Trying _Get_Pwnam(), username as lowercase is bar
> > [2012/10/10 15:07:11.897025,  5] lib/username.c:149(Get_Pwnam_internals)
>

Re: [Samba] users map with ADS not working

2012-10-11 Thread Nitin Thakur

Hi All,

I have an update. I did snoop the network and found, when I use IP to connect 
to the share, samba server sends packets to Windows AD. If I try to connect 
using hostname, samba server does not make any attempts to connect to Windows 
AD. 

It looks more like problem on the smb.conf side. If somebody has experienced 
this problem in past then please help.

(PS: I am using MIT Kerberos + Open LDAP and Samba - all current versions.)

Thanks

Nitin

> From: nitintha...@hotmail.com
> To: samba@lists.samba.org
> Date: Wed, 10 Oct 2012 23:14:47 -0400
> Subject: [Samba] users map with ADS not working
> 
> 
> Hi All
> 
> I am running two instances of samba on same box. One instance of samba has 
> joined AD domain ABC and the other 123. My workstation is on ABC domain and 
> when I try to connect to samba server on ABC domain, it asks me for user name 
> and password and then fails. If I put IP address instead it works. At the 
> same time, when I try to connect to 123 domain, it asks me for user name and 
> password and authenticates me without any problem. I set the debug level to 9 
> on both the instances. I am not running winbind - please don't ask me why. The 
> strange problem is when a user who has same unix and windows account in ABC 
> domain, when he tries to log into the samba server which is on ABC domain, it 
> works with hostname whereas folks who have different accounts on windows and 
> unix, it doesn't work for them with hostname but with IP.
> 
> The Global section of both the instances is similar, here is the global 
> section of samba server which is binding to ABC domain: -
> 
> #=== Global Settings =
> [global]
> 
> socket options = TCP_NODELAY IPTOS_LOWDELAY
> netbios name = TST-SMB-DEV
> workgroup = ABC
> server string = tst-smb-dev Server ver %v
> security = ADS
> log file = /opt/local/samba-3.6.7/dev/logs/log.%m
> max log size = 50
> password server =  AD1.ABC.com AD2.ABC.com
> encrypt passwords = yes
> realm = ABC.COM
> local master = no
> domain master = no
> domain logons = no
> dns proxy = no
> smb passwd file = /opt/local/samba-3.6.7/dev/private
> private dir = /opt/local/samba-3.6.7/dev/private
> username map = /opt/local/samba-3.6.7/dev/users.map
> pid directory = /opt/local/samba-3.6.7/dev
> bind interfaces only = yes
> wins support = no
> domain master = no
> locking = yes
> lock directory = /opt/local/samba-3.6.7/dev/var/locks
> preserve case = yes
> short preserve case = yes
> load printers = no
> printcap name = /dev/null
> deadtime = 15
> preferred master = no
> guest account = nobody
> guest ok = no
> syslog = 0
> interfaces = 10.20.20.3
> socket address = 10.20.20.3
> kerberos method = system keytab
> log level = 9
> 
> 
> Here are the logs when user whose mapping is defined in users.map tries to 
> log into samba instance which is binding to ABC domain
> 
> [2012/10/10 15:07:11.896408,  3] libads/authdata.c:332(decode_pac_data)
>   Found account name from PAC: foo [Foo Bar]
> [2012/10/10 15:07:11.896530,  3] auth/user_krb5.c:50(get_user_from_kerberos_info)
>   Kerberos ticket principal name is [f...@abc.com]
> [2012/10/10 15:07:11.896611,  4] auth/user_util.c:361(map_username)
>   Scanning username map /opt/local/samba-3.6.7/dev/users.map
> [2012/10/10 15:07:11.896665,  3] auth/user_util.c:402(map_username)
>   Mapped user ABC\foo to bar
> [2012/10/10 15:07:11.896725,  5] lib/username.c:171(Get_Pwnam_alloc)
>   Finding user bar
> [2012/10/10 15:07:11.896758,  5] lib/username.c:116(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as lowercase is bar
> [2012/10/10 15:07:11.897025,  5] lib/username.c:149(Get_Pwnam_internals)
>   Get_Pwnam_internals did find user [bar]!
> [2012/10/10 15:07:11.897418,  6] param/loadparm.c:7490(lp_file_list_changed)
>   lp_file_list_changed()
>   file /opt/local/Samba/lib/smb.conf.dev -> /opt/local/Samba/lib/smb.conf.dev 
>  last mod_time: Wed Oct 10 15:06:58 2012
> 
> [2012/10/10 15:07:11.897530,  5] lib/username.c:171(Get_Pwnam_alloc)
>   Finding user ABC\foo
> [2012/10/10 15:07:11.897562,  5] lib/username.c:116(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as lowercase is ABC\foo
> [2012/10/10 15:07:11.897648,  5] lib/username.c:124(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as given is ABC\foo
> [2012/10/10 15:07:11.897725,  5] lib/username.c:134(Get_Pwnam_internals)
>   Trying _Get_Pwnam(), username as uppercase is ABC\foo
> [2012/10/10 15:07:11.897798,  5] lib/username.c:143(Get_Pwnam_internals)
>   Checking combinations of 0 uppercase letters in ABC\foo
> [2012/10/10 15:07:11.897832,  5] lib/username.c:149(Get_Pwnam_internals)
>   Get_Pwnam_internals didn't find user [ABC\foo]!
> [2012/10/10 15:07:11.897861,  5] lib/username.c:171(Get_Pwnam_alloc)
>   Finding user foo
> [2012/10/10 15:07:11.897896,  5] lib/username.c:116(Ge