samba ROLE_DOMAIN_MEMBER security ads
CentOS 5.5
[root@osra ~]# rpm -q samba3x
samba3x-3.3.8-0.52.el5_5.2
[root@osra ~]# rpm -q krb5-workstation
krb5-workstation-1.6.1-36.el5_5.5

Domain controller: Windows 2k3 SP3.

I followed these guides:
http://wiki.samba.org/index.php/Samb...tive_Directory
http://www.samba.org/samba/docs/man/...html#ch9-adsdc

I joined the domain and can test the user:

[root@osra ~]# wbinfo -a mbottalico%#########
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@osra ~]# wbinfo -u
administrator
guest
krbtgt
[root@osra ~]# wbinfo -g
utenti wins
dhcp users
dhcp administrators
computer del dominio
controller di dominio

getent passwd and getent group are OK without "DOMAIN+"; kinit and klist are OK.

I can browse the Samba server and can enter "tmp", but not "test" (access denied):

[root@osra ~]# smbclient \\\\osra\\test -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: \> ls
NT_STATUS_NETWORK_ACCESS_DENIED listing \*
(I only noticed this while writing this message)

[root@osra ~]# smbclient \\\\osra\\tmp -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: \> dir
  .                D        0  Wed Oct 20 15:15:23 2010
  ..               D        0  Wed Oct 20 11:42:23 2010
  T0100000160      D        0  Wed Oct 20 12:33:32 2010
  t01tty90         D        0  Wed Oct 20 11:42:23 2010
  T01port-mb1      D        0  Thu Oct 21 15:21:51 2010
  impexp           D        0  Wed Jul 14 12:11:44 2010
  T0100000140      D        0  Wed Oct 20 12:05:00 2010
  dirvuota.txt     A        0  Wed Nov 6 08:15:20 1991
  t01tty01         D        0  Wed Oct 20 11:42:23 2010
  aggiofix         A  5237760  Thu Nov 17 20:27:58 2005
  t01tty02         D        0  Wed Oct 20 11:42:23 2010
  T0100000150      D        0  Wed Oct 20 12:16:10 2010
  53488 blocks of size 2097152. 49908 blocks available
smb: \> q
0 blocks of size 0. 511 blocks available

Any help?
Config files:

/etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
default_tkt_enctypes = des-cbc-crc; des-cbc-md5
default_tgs_enctypes = des-cbc-crc; des-cbc-md5

[realms]
DOMAIN.COM = {
  kdc = alpha.DOMAIN.com
  admin_server = alpha.domain.com
  default_domain = domain.com
}

[domain_realm]
shortdomain = DOMAIN.COM
domain.com = DOMAIN.COM
.domain.com = DOMAIN.COM

[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}

/etc/smb.conf

[global]
workgroup = SHORTDOMAIN
realm = DOMAIN.COM
preferred master = no
server string = Linux Machine
security = ads
encrypt passwords = yes
log level = 5
log file = /var/log/samba/%m
client use spnego = yes
client ntlmv2 auth = yes
max log size = 50
printcap name = cups
printing = cups
username map = /etc/samba/smbusers
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 100-20000
idmap gid = 100-20000
; template primary group = "Domain Users"
template shell = /bin/bash

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
printable = yes
guest ok = yes

[test]
comment = test
path = /u/test
Valid Users = DOMAIN.COM+user @DOMAIN.COM+group
writable = yes
browseable = yes

[tmp]
comment = test-no-security-ads
path = /tmp
guest ok = yes
public = yes
browseable = yes
read only = no
create mask = 0777
directory mask = 0777

/etc/nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

/etc/pam.d/system-auth

auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 100 quiet
account sufficient pam_winbind.so use_first_pass
account required pam_permit.so
password requisite pam_cracklib.so retry=3 type=
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_winbind.so use_first_pass
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session required pam_winbind.so use_first_pass
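Closed: resolved by chmod on the filesystem. The connection to the share itself succeeded and only the listing was denied, so the block was evidently the Unix permissions on the directory behind [test] (/u/test), not the domain join or the Samba configuration; the directory only needs to grant access to the user or group the share is meant for.
I'm dumb.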