CentOS 6.6 and Samba 3 - Can't get Domain User to log in
Hi All
I have been racking my brains for the past 15 hours or so trying to know why my AD users can't actually log in to the share which I have assigned. This is my smb.conf below: Quote:
Also, when I do: id username it actually gives me the information for that user in my domain. I have done net ads login -U and joined the domain. I have set the pam auth modifications and the krb5 and nsswitch.conf files. So I do not get why I can't have the user I have assigned to that share access it? I can only imagine I have something wrong in my smb.conf? Please, any help would be appreciated. Thanks
When you say "log in to the share", are you talking about browsing the share in Windows Explorer?
Are you logged in to the Windows workstation as "user1"? What are the actual permissions on /var/www/html/cmsmadesimple? Edit: Have you tried changing "valid users = user1" to "valid users = EXAMPLE\user1" on the Admin share? Also, unless a line got truncated, your idmap range setting is invalid.
When I say login, yeah, I mean actually set a UNC path or map that share to the Windows PC. I am logged in as "user1". Permissions of /var/www/html/cmsmadesimple are 777.
I have tried accessing the Research Folder also and tried changing the grp to "domain users" along with doing chmod 777, but it still comes up asking for login details, and when I enter them it says they are wrong - which I know they are not. Thanks
I have also tried removing the idmap option as it is apparently deprecated, still with no luck.
You do need an idmap range option. Samba will default to using tdb if you don't specify an idmap backend, but you always have to specify a valid range. "10000 - 9999" is invalid, as the last number must always be greater than the first.
When I asked about permissions I was primarily thinking of ownership, but 777 should make that irrelevant. When you run id user1, does it map to a valid Unix ID or do you get something like 4,294,967,295?
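A small check for the range rule described in the post above, as an added example that is not part of the original thread: it flags idmap ranges whose last number is not greater than the first and, going slightly beyond the post, domain ranges that overlap each other. It assumes the `idmap config <DOMAIN> : range` and older `idmap uid` / `idmap gid` parameter spellings; the sample configuration is constructed, and the function name is hypothetical.

```python
import re

# Constructed sample, not the poster's smb.conf: the inverted range quoted in
# the thread, plus two domain ranges that overlap each other.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   security = ads
   idmap config * : backend = tdb
   idmap config * : range = 10000 - 9999
   idmap config EXAMPLE : backend = rid
   idmap config EXAMPLE : range = 20000-29999
   idmap config OTHER : range = 25000-39999
"""

# "idmap config <DOMAIN> : range = low-high" and the older
# "idmap uid = low-high" / "idmap gid = low-high" spellings (assumed syntax).
RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:config\s+(?P<dom>\S+)\s*:\s*range|(?P<old>uid|gid))"
    r"\s*=\s*(?P<low>\d+)\s*-\s*(?P<high>\d+)\s*$",
    re.IGNORECASE,
)


def check_idmap_ranges(conf_text):
    """Return (line_number, message) findings for idmap range settings."""
    findings, domain_ranges = [], []
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        if raw.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = RANGE_RE.match(raw)
        if not m:
            continue
        low, high = int(m.group("low")), int(m.group("high"))
        name = m.group("dom") or "idmap " + m.group("old").lower()
        if high <= low:
            findings.append((num, f"{name}: {low}-{high} is invalid, "
                                  "the last number must exceed the first"))
            continue
        if m.group("dom"):  # uid/gid may share a range; domains may not
            for other, o_low, o_high in domain_ranges:
                if low <= o_high and o_low <= high:
                    findings.append((num, f"{name}: {low}-{high} overlaps "
                                          f"{other} ({o_low}-{o_high})"))
            domain_ranges.append((name, low, high))
    return findings


if __name__ == "__main__":
    for line_no, message in check_idmap_ranges(SAMPLE_SMB_CONF):
        print(f"smb.conf line {line_no}: {message}")
```

Run it against the real file by passing the contents of /etc/samba/smb.conf to `check_idmap_ranges`, then compare with what testparm reports.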
Thanks for clearing that up :)
When I do id user1 it lists all of the groups that user is associated with within AD. I'm wondering, do I have to map an AD member group to a Linux user or something? Modified and shortened example:
[root@ROM samba]# id user1
uid=10000(user1) gid=10000(domain users) groups=10000(domain users)
You should try changing the owner of a file to be a domain user, just to verify that both nsswitch and PAM are indeed working properly: Code:
# touch somefile
I looked through your smb.conf once more, and noticed the "valid users = any" setting. I can't remember having seen any references to "any" as a valid parameter on the Samba Wiki pages. Have you tried commenting out that setting?
It's often a good idea to start off with a bare minimum of settings, and then add the required settings one by one to see if anything breaks. For instance, the "client", "encrypt passwords" and "restrict anonymous" settings should be superfluous, so you could try commenting out those as well.
Do the settings reported by testparm match your intended settings in smb.conf?
I have tried commenting the "any" part out and also the "client" and "restrict anonymous", but it's still not letting me in.
When touching the file and chowning it - it did work and the ownership changed to that user, although I didn't have to put EXAMPLE, just chown user1 Quote:
NOTE: I can actually log in via SSH to the Linux box with my AD username and password and get a bash prompt, I just can't log in to the shares of Samba. I have also tried the following: Quote:
Thanks for the help so far!
You don't by any chance have a local Linux user called "user1" as well? (cat /etc/passwd | grep user1) If you do try to specify the domain name (chown EXAMPLE\\user1 somefile), does it still work?
Here's a minimal smb.conf, you could try that and see if it works: Code:
[global]
This does actually work! Haha, I don't believe it!
I changed it to this: Quote:
May I ask, is there a way I can associate the "domain users" AD group with a local group? Nevermind! My net groupmap has worked - I tried to create a file and it showed the following: Quote:
Thanks very much for your help!!
I do have one other query please:
When allowing people to access the share it allows them and I can write to that share, but if I go into a directory further into that share it will not allow me to write. I also keep seeing this too: DENY_WRITE 0x20196 WRONLY EXCLUSIVE+BATCH Any help with this would be great. Thanks
For anyone having the same issue, I set this in the smb.conf:
Quote:
The permissions of the Linux box for the group were different, as the user I was logging in with was part of "domain users". Thanks