maybe, but have you also tried smbclient -L workhorse -Uturgon On Fri, Apr 23, 2010 at 3:58 PM, Michael Leone <[email protected]>wrote:
> No, dim-win2300 knows who turgon is. ;-) in fact, I am logged in on > the console of dim-win2300 right now. And turgon is a Domain Admin. It > was the account I used to join the laptop to the domain with. And it > did join, as I see the laptop machine account in AD. So I think it > must be something else ... > > > On 4/23/10, grant little <[email protected]> wrote: > > On Fri, Apr 23, 2010 at 10:14 AM, Mike Leone <[email protected]> > wrote: > > > >> I set up an old laptop with Xubuntu 9.10. I configured Samba as to work > >> with my Win2003 AD domain that has MS Services for Unix installed. > >> > >> I can get a Kerberos ticket. I successfully added the laptop to the AD > >> domain. wbinfo -a shows me all users, domain and local. wbinfo -g shows > me > >> all groups. wbinfo -a user%password returns successfully. "getent > passwd" > >> works as expected - I see local users, and domain users. > >> > >> "net ads info" works correctly, returning info. > >> > >> LDAP server: 10.0.0.60 > >> LDAP server name: dim-win2300.DaCrib.local > >> Realm: DACRIB.LOCAL > >> Bind Path: dc=DACRIB,dc=LOCAL > >> LDAP port: 389 > >> Server time: Fri, 23 Apr 2010 13:12:53 EDT > >> KDC server: 10.0.0.60 > >> Server time offset: 1 > >> > >> And yet: > >> > >> $ smbclient -L workhorse > >> Enter turgon's password: > >> session setup failed: NT_STATUS_ACCESS_DENIED > >> > >> I have no idea why it's failing; I'm not seeing anything in the samba or > >> winbind logs. (workhorse is Ubuntu 9.10, configured as a domain member > >> server) > >> > >> I can do the reverse; from "workhorse" I can see all the shares on the > >> laptop: > >> > >> tur...@workhorse:~$ smbclient -L turgon-laptop > >> Enter turgon's password: > >> Domain=[DACRIB] OS=[Unix] Server=[Samba 3.4.0] > >> > >> Sharename Type Comment > >> --------- ---- ------- > >> IPC$ IPC IPC Service (turgon-laptop server > (Samba > >> 3.4.0, Domain: DACRIB, Server: turgon-laptop - NT1)) > >> print$ Disk Printer Drivers > >> Domain=[DACRIB] OS=[Unix] Server=[Samba 3.4.0] > >> > >> Server Comment > >> --------- ------- > >> TURGON-LAPTOP turgon-laptop server (Samba 3.4.0, Domain: , > >> Ser > >> > >> Workgroup Master > >> --------- ------- > >> DACRIB > >> > >> Hints as to where to go next? It must be something wrong on this > specific > >> laptop, since it works from my other server, > >> but I dunno where, since all the other tests work. Firewall is off, on > >> both machines. > >> > >> =============================== > >> smb.conf: > >> > >> [global] > >> workgroup = DACRIB > >> realm = DACRIB.LOCAL > >> server string = %h server (Samba %v, Domain: %D, Server: %L - R) > >> security = ads > >> map to guest = Bad User > >> > >> client use spnego = true > >> client ntlmv2 auth = yes > >> > >> eventlog list = Application System Security SyslogLinux > >> > >> # PAM AUTH > >> encrypt passwords = yes > >> obey pam restrictions = Yes > >> pam password change = true > >> password server = dim-win2300.DaCrib.local > >> passwd program = /usr/bin/passwd %u > >> passwd chat = *Enter\snew\s*\spassword:* %n\n > >> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > >> unix password sync = Yes > >> > >> log level = 3 > >> syslog = 0 > >> log file = /var/log/samba/log.%m > >> max log size = 1000 > >> > >> domain master = No > >> local master = No > >> os level = 2 > >> > >> dns proxy = No > >> usershare allow guests = Yes > >> panic action = /usr/share/samba/panic-action %d > >> > >> # WINBIND > >> > >> idmap config DACRIB: default = true > >> idmap uid = 10000-20000 > >> idmap gid = 10000-20000 > >> idmap config DACRIB:schema_mode = rfc2307 > >> > >> winbind enum users = Yes > >> winbind enum groups = Yes > >> winbind use default domain = Yes > >> winbind nested groups = Yes > >> winbind refresh tickets = true > >> winbind nss info = rfc2307 > >> winbind separator = + > >> > >> template homedir = /home/%D/%u > >> template shell = /bin/bash > >> > >> ; invalid users = root > >> create mask = 0700 > >> directory mask = 0775 > >> writable = Yes > >> enable privileges = Yes > >> restrict anonymous = 2 > >> > >> wide links = no > >> > >> socket options = TCP_NODELAY > >> > >> > >> -- > >> > >> I get the exact same thing happening on my Ubuntu 9.10 currently running > > 3.5.0rc2 (until I figure out how to manage 3.5.2 on Ubuntu 9.10) > > > > However if I do > > smbclient -L mysambaserver -UanADuserthatcanlogintothisserver > > > > it works just fine and returns the goods. So my guess is that > > dim-win2300.DaCrib.local doesn't know who turgon is... > > > > -- > Sent from my mobile device > > Michael J. Leone, <mailto:[email protected]> > > PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF > Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
