jaja, das gute alte Thema, immer wieder ein Problem damit

Ich hab einen Active Directory Server Windows 2003 und möchte, dass sich die User an meinem Samba Linux Server darüber anmelden können. Die Authentifizierung an sich läuft auch an sich gut, aber NUR beim Benutzer die auch lokal angelegt in der /etc/passwd stehen, bei welchen die darin nicht stehen funktioniert das nicht.

Ich habe Samba 3.0.27 und hier mal meine Konfiguration:

[global]

        workgroup = ABC

        realm = ABC.DE

        server string = Samba Server

        security = ADS

        map to guest = Bad User

        password server = ABCDC01.abc.de ABCDC02.abc.de

        use kerberos keytab = Yes

        log file = /var/log/samba/log.%m

        max log size = 50

        time server = Yes

        os level = 65

        local master = No

        domain master = No

        wins support = Yes

        idmap uid = 10000-20000

        idmap gid = 10000-20000

        winbind separator = +

        winbind use default domain = Yes


[test]

        comment = test

        path = /test

        valid users = ABC+corpus, ABC+ahu

        read only = No

Der User ABC+corpus gibt es auch lokal und ich kann mich mit ihm anmelden und zwar mit dem Passwort aus dem Active Directory, nicht mit dem lokalen! Der Benutzer ABC+ahu existiert nur im Active Directory und mit dem kann ich mich nicht anmelden. Wenn ich

useradd ahu

mache, kann ich mich auch mit dem anmelden.

Was mache ich falsch? Ich will eigentlich auch, dass alle Benutzer die sich anmelden, auf den lokalen Benutzer corpus gemappt werden von den Zugriffsrechten her. Dafür hätte ich bei der Freigabe force user = corpus benutzt. Ist das so richtig?

Hallo,

hast Du Samba auch zur Domäne hinzugefügt?

Frank

klar, mit

net ads join -U Administrator

Was sagt denn "net ads status" und "net ads info"?

Frank

net ads status

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: user

objectClass: computer

cn: abc-db

distinguishedName: CN=abc-db,OU=censhare,DC=abc,DC=de

instanceType: 4

whenCreated: 20100511105254.0Z

whenChanged: 20100512082251.0Z

uSNCreated: 22868319

uSNChanged: 22888893

name: abc-db

objectGUID: 2d75b621-8c62-4cc3-8f6f-c57c2ce976a2

userAccountControl: 69632

codePage: 0

countryCode: 0

localPolicyFlags: 0

pwdLastSet: 129180487745752173

primaryGroupID: 515

objectSid: S-1-5-21-1908643336-3031790836-1197610969-2596

accountExpires: 9223372036854775807

sAMAccountName: abc-db$

sAMAccountType: 805306369

dNSHostName: abc-db.abc.de

servicePrincipalName: HOST/abc-db.abc.de

servicePrincipalName: HOST/ABC-DB

objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=abc,DC=de

isCriticalSystemObject: FALSE

dSCorePropagationData: 20100512082251.0Z

dSCorePropagationData: 20100512082251.0Z

dSCorePropagationData: 20100512082251.0Z

dSCorePropagationData: 20100511123814.0Z

dSCorePropagationData: 16010721193112.0Z

lastLogonTimestamp: 129180487750283365

-------------- Security Descriptor (revision: 1, type: 0x8c14)

owner SID: S-1-5-21-1908643336-3031790836-1197610969-512

group SID: S-1-5-21-1908643336-3031790836-1197610969-513

------- (system) ACL (revision: 4, size: 120, number of ACEs: 2)

------- ACE (type: 0x07, flags: 0x5a, size: 0x38, mask: 0x20, object flags: 0x3)

access SID:  S-1-1-0

access type: AUDIT OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x07, flags: 0x5a, size: 0x38, mask: 0x20, object flags: 0x3)

access SID:  S-1-1-0

access type: AUDIT OBJECT

Permissions: 

        [Write All Properties]

------- (user) ACL (revision: 4, size: 3940, number of ACEs: 76)

------- ACE (type: 0x05, flags: 0x00, size: 0x48, mask: 0x20, object flags: 0x3)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x48, mask: 0x20, object flags: 0x3)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x48, mask: 0x20, object flags: 0x3)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x48, mask: 0x20, object flags: 0x3)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x8, object flags: 0x1)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [All validate writes]

------- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x8, object flags: 0x1)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [All validate writes]

------- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x30, object flags: 0x1)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-517

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x2c, mask: 0x3, object flags: 0x1)

access SID:  S-1-5-32-550

access type: ALLOWED OBJECT

Permissions: 

        [Create All Child Objects]

        [Delete All Child Objects]

------- ACE (type: 0x05, flags: 0x00, size: 0x2c, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-32-560

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x100, object flags: 0x1)

access SID:  S-1-1-0

access type: ALLOWED OBJECT

Permissions: 

        [Change Password]

        [Reset Password]

------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x8, object flags: 0x1)

access SID:  S-1-5-10

access type: ALLOWED OBJECT

Permissions: 

        [All validate writes]

------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x8, object flags: 0x1)

access SID:  S-1-5-10

access type: ALLOWED OBJECT

Permissions: 

        [All validate writes]

------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x30, object flags: 0x1)

access SID:  S-1-5-10

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

        [Write All Properties]

------- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0x301d4)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED

Permissions: 

        [List Contents]

        [Read All Properties]

        [Delete Subtree]

        [List Object]

        [Change Password]

        [Reset Password]

        [Delete]

        [Read Permissions]

------- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0xf01ff)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-512

access type: ALLOWED

Permissions: [Full Control]

------- ACE (type: 0x00, flags: 0x00, size: 0x18, mask: 0xf01ff)

access SID:  S-1-5-32-548

access type: ALLOWED

Permissions: [Full Control]

------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0x3)

access SID:  S-1-5-10

access type: ALLOWED

Permissions: 

        [Create All Child Objects]

        [Delete All Child Objects]

------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0x20094)

access SID:  S-1-5-11

access type: ALLOWED

Permissions: 

        [List Contents]

        [Read All Properties]

        [List Object]

        [Read Permissions]

------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0xf01ff)

access SID:  S-1-5-18

access type: ALLOWED

Permissions: [Full Control]

------- ACE (type: 0x05, flags: 0x1a, size: 0x48, mask: 0x100, object flags: 0x3)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-1621

access type: ALLOWED OBJECT

Permissions: 

        [Change Password]

        [Reset Password]

------- ACE (type: 0x05, flags: 0x1a, size: 0x48, mask: 0x30, object flags: 0x3)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-1621

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x100, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Change Password]

        [Reset Password]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x1, object flags: 0x1)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-1881

access type: ALLOWED OBJECT

Permissions: 

        [Create All Child Objects]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x3, object flags: 0x1)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-1655

access type: ALLOWED OBJECT

Permissions: 

        [Create All Child Objects]

        [Delete All Child Objects]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2127

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: 

        [Write All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0xf01ff, object flags: 0x1)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED OBJECT

Permissions: [Full Control]

------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-9

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x38, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-9

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x38, mask: 0x10, object flags: 0x3)

access SID:  S-1-5-9

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x1a, size: 0x38, mask: 0xf01ff, object flags: 0x2)

access SID:  S-1-5-21-1908643336-3031790836-1197610969-1655

access type: ALLOWED OBJECT

Permissions: [Full Control]

------- ACE (type: 0x05, flags: 0x1a, size: 0x2c, mask: 0x20094, object flags: 0x2)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [List Contents]

        [Read All Properties]

        [List Object]

        [Read Permissions]

------- ACE (type: 0x05, flags: 0x1a, size: 0x2c, mask: 0x20094, object flags: 0x2)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [List Contents]

        [Read All Properties]

        [List Object]

        [Read Permissions]

------- ACE (type: 0x05, flags: 0x1a, size: 0x2c, mask: 0x20094, object flags: 0x2)

access SID:  S-1-5-32-554

access type: ALLOWED OBJECT

Permissions: 

        [List Contents]

        [Read All Properties]

        [List Object]

        [Read Permissions]

------- ACE (type: 0x05, flags: 0x12, size: 0x28, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-20

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x28, mask: 0x10, object flags: 0x1)

access SID:  S-1-5-11

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

------- ACE (type: 0x05, flags: 0x12, size: 0x28, mask: 0x130, object flags: 0x1)

access SID:  S-1-5-10

access type: ALLOWED OBJECT

Permissions: 

        [Read All Properties]

        [Write All Properties]

        [Change Password]

        [Reset Password]

------- ACE (type: 0x00, flags: 0x12, size: 0x24, mask: 0x20094)

access SID:  S-1-5-21-3750646053-980421032-497267106-2129

access type: ALLOWED

Permissions: 

        [List Contents]

        [Read All Properties]

        [List Object]

        [Read Permissions]

------- ACE (type: 0x00, flags: 0x12, size: 0x24, mask: 0xf01ff)

access SID:  S-1-5-21-3750646053-980421032-497267106-519

access type: ALLOWED

Permissions: [Full Control]

------- ACE (type: 0x00, flags: 0x12, size: 0x18, mask: 0x4)

access SID:  S-1-5-32-554

access type: ALLOWED

Permissions: 

        [List Contents]

------- ACE (type: 0x00, flags: 0x12, size: 0x18, mask: 0xf01bd)

access SID:  S-1-5-32-544

access type: ALLOWED

Permissions: 

        [Create All Child Objects]

        [List Contents]

        [All validate writes]

        [Read All Properties]

        [Write All Properties]

        [List Object]

        [Change Password]

        [Reset Password]

        [Delete]

        [Read Permissions]

        [Modify Permissions]

        [Modify Owner]

-------------- End Of Security Descriptor

net ads info

LDAP server: 172.16.100.5

LDAP server name: abcdc02

Realm: ABC.DE

Bind Path: dc=ABC,dc=DE

LDAP port: 389

Server time: Fri, 14 May 2010 13:33:20 CEST

KDC server: 172.16.100.5

Server time offset: 0

Achja noch zur Info, alles "abc" wurde von mir verändert, Domäne und Domaincontroller usw. heißen eigentlich etwas anders...

Sieht ja erst einmal gut aus.

Geht denn wbinfo -u oder wbinfo -g?

Frank

ja das geht auch

Wie gesagt, auch

wbinfo -a corpus%password

bzw.

wbinfo -a ahu%password

funktionieren, ich kann mich auch mit beiden Benutzern an der Freigabe anmelden und zwar mit dem Passwort aus dem Active Directory, aber eben NUR wenn der Benutzer auch noch in der /etc/passwd steht.

In der passwd muss er definitiv nicht stehen bei einer Domänenanmeldung.

Was sagt denn das Logfile wenn sich ein Domänenuser anmelden möchte?

Hast Du auch /etc/nsswitch.conf geändert?

Frank

Aus dem Log, einmal as Benutzer ahu (nicht lokal) und einmal als benutzer corpus (auch lokal)

[2010/05/14 14:35:36, 2] auth/auth.c:(319)

  check_ntlm_password:  Authentication for user [ahu] -> [ahu] FAILED with error NT_STATUS_NO_SUCH_USER

[2010/05/14 14:35:57, 2] auth/auth.c:(309)

  check_ntlm_password:  authentication for user [corpus] -> [corpus] -> [corpus] succeeded

[2010/05/14 14:35:57, 1] smbd/service.c:(1042)

  ahu (192.168.213.254) connect to service test initially as user corpus (uid=861, gid=861) (pid 19335)

[2010/05/14 14:35:57, 2] smbd/open.c:(391)

  corpus opened file .DS_Store read=Yes write=No (numopen=1)

[2010/05/14 14:35:57, 2] smbd/close.c:(406)

  corpus closed file .DS_Store (numopen=0) NT_STATUS_OK

Die nsswitch.conf habe ich nicht angepasst, ich dachte die wäre dafür gut, damit ich grundsätzlich Active Directory Benutzer an dem Server anmelden können, also per Konsole oder SSH usw.

Aber ich will ja weiterhin einen lokalen Benutzer corpus haben, der auf jeden Fall unnabhängig ist von dem Active Directory.

Die Konsolen und SSH Anmeldung läuft auch nach Änderung der nsswitch nicht grundsätzlich über ADS. Wenn in der nswitch kein winbind drin steht, dann weiss er doch nicht wen er fragen soll und landet folglich bei der passwd.

Frank

ah okay, hab also in der nsswitch.conf ein bisschen was angepasst:

passwd:     files winbind

group:      files winbind

Trotzdem kein Erfolg Hab auch samba, winbind und nmbd alles durchgestart. Muss man da sonst noch was durchstarten? nsswitch.conf sollte aber gleich greifen denke ich, oder? Log sieht immer noch so aus

[2010/05/14 14:50:38, 2] auth/auth.c:(319)

  check_ntlm_password:  Authentication for user [ahu] -> [ahu] FAILED with error NT_STATUS_NO_SUCH_USER

[2010/05/14 14:50:42, 2] auth/auth.c:(309)

  check_ntlm_password:  authentication for user [corpus] -> [corpus] -> [corpus] succeeded

[2010/05/14 14:50:42, 1] smbd/service.c:(1042)

  ahu (192.168.213.254) connect to service test initially as user corpus (uid=861, gid=861) (pid 19657)

[2010/05/14 14:50:42, 2] smbd/open.c:(391)

  corpus opened file .DS_Store read=Yes write=No (numopen=1)

[2010/05/14 14:50:42, 2] smbd/close.c:(406)

  corpus closed file .DS_Store (numopen=0) NT_STATUS_OK

[2010/05/14 14:50:42, 2] smbd/open.c:(391)

  corpus opened file .DS_Store read=Yes write=No (numopen=1)

[2010/05/14 14:50:42, 2] smbd/close.c:(406)

  corpus closed file .DS_Store (numopen=0) NT_STATUS_OK

Bei mir steht in der nsswitch.conf immer folgendes.

passwd: compat winbind

group: compat winbind

Was sagt eigentlich das winbind Log?

Frank

Tja, ich fürchte die ganze Geschichte ist hinfällig

Die haben mir unter dem Hintern den AD Server auf 2008 R2 geupdatet und unter Solaris hab ich nur Samba 3.0.37 und so wie ich das sehe, ist das mit R2 nicht kompatibel.

Dann würde ich sagen, dass ein Update fällig ist.

Frank

Bei Solaris haben die nur Samba 3.0 mit drin, kein 3.1, 3.2, 3.3, 3.4

Und da hab ich die aktuellste Version 3.0.37

"einfach" mal updaten ist da nicht

Trotzdem vielen Dank für deine Hilfe.

Und selber bauen?

Frank

Ist bei Solaris keine einfache Sache. Da müssen compiler und Library Path Variable simmen und die Abhängigkeiten.

Viel zu viel Aufwand