informatique:nix:linux:linux_smb_ads:samba_et_active_directory

failed to find authenticated user via getpwnam denying access

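# Presumably the recovery sequence for the getpwnam error above: stop the
# daemons, clear cached state, re-join the domain, restart. Run as root.
# The winbind init script is spelled "winbind". With the former "windbind"
# spelling the && chain aborted there, so nscd was never stopped or restarted.
/etc/init.d/smb stop && /etc/init.d/winbind stop && /etc/init.d/nscd stop
net cache flush
# The TDB files hold winbind's SID-to-UID/GID allocations (and, depending on
# the build, the machine account secret). Deleting them forces a clean join,
# but re-allocated IDs may no longer match the ownership of existing files:
# copy them to a root-only location first if that matters.
# -r is dropped: the glob only needs to match regular files.
rm -f /var/lib/samba/*.tdb
# -U carries the account name only, so net prompts for the password instead
# of leaving it in the shell history or the process list.
net ads join -Udomainadmin
/etc/init.d/smb start && /etc/init.d/winbind start && /etc/init.d/nscd start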

/etc/samba/smb.conf

[global]
   # NetBIOS (short) name of the AD domain; "workgroup" is a placeholder here.
   workgroup = workgroup
   server string = Serveur toto
   # One log file per connecting client machine (%m).
   log file = /var/log/samba/%m.log
   # Kerberos realm of the AD domain; same value as default_realm in /etc/krb5.conf.
   realm = serveur.ad.toto.fr
   # Domain-member mode: authentication is delegated to Active Directory.
   security = ads
   # Login shell given to every AD account resolved through winbind.
   # NOTE(review): with a real shell any domain user can log in wherever PAM
   # lets winbind accounts through; use /bin/false on a pure file server or
   # restrict logins by group (e.g. pam_winbind require_membership_of).
   template shell = /bin/bash
   # UID/GID range winbind allocates for AD users and groups; it must not
   # overlap IDs from local files or NIS.
   # NOTE(review): newer Samba releases replace these two parameters with
   # "idmap config * : range" - confirm against the installed version.
   idmap uid = 20000-50000000
   idmap gid = 20000-50000000
   # Accounts of the joined domain appear without a domain prefix.
   winbind use default domain = yes
   # No bulk enumeration of AD users/groups through NSS; lookups of a single
   # name still work.
   winbind enum users = no
   winbind enum groups = no
   # DOMAIN+user instead of DOMAIN\user when a prefix is shown.
   winbind separator = +
   # Only accounts of the joined domain are accepted, not those of trusted domains.
   allow trusted domains = no
   # Domain controllers to contact (addresses redacted on this page).
   password server = X.X.X.X X.X.X.X
   wins server = X.X.X.X
   # WINS and lmhosts are consulted before DNS ("host").
   # NOTE(review): NetBIOS name services are unauthenticated; for an AD member
   # DNS is normally tried first - confirm WINS is still required.
   name resolve order = wins lmhosts host
   # When Samba acts as a client: negotiate via SPNEGO and send NTLMv2
   # responses rather than LM/NTLMv1.
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = yes

/etc/nsswitch.conf

# Lookup order for each database: local files, then NIS, then winbind (AD).
# "files" comes first, so a local account wins over an AD account of the same
# name - relevant here because smb.conf strips the domain prefix.
# NOTE(review): keep "nis" only if a NIS domain is really in use; it is an
# unauthenticated legacy directory.
passwd:     files nis winbind
# NOTE(review): winbind answers passwd and group lookups; confirm it provides
# anything for shadow - AD password checks go through PAM, not this map.
shadow:     files nis winbind
group:      files nis winbind

/etc/krb5.conf

# Kerberos client configuration for the AD realm used by Samba/winbind.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 # NOTE(review): Kerberos realm names are case-sensitive and AD realms are
 # conventionally written in upper case - confirm the lowercase spelling
 # works with the installed libraries.
 default_realm = serveur.ad.toto.fr
 # Let DNS map hosts to realms and locate KDCs, in addition to the explicit
 # kdc entries under [realms].
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 
 # KDCs are the domain controllers (addresses redacted on this page).
 serveur.ad.toto.fr = {
  kdc = X.X.X.X
  kdc = X.X.X.X
  admin_server = X.X.X.X
  }

# NOTE(review): this section points at a KDC daemon's own configuration; a
# domain member presumably does not need it.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   # Lifetimes in seconds: 36000 s = 10 hours.
   ticket_lifetime = 36000
   renew_lifetime = 36000
   # Tickets obtained at login can be forwarded to other hosts.
   # NOTE(review): a forwarded TGT lets the remote host act as the user; keep
   # this only if delegation (e.g. onward SSH with Kerberos) is needed.
   forwardable = true
   krb4_convert = false
 }

Joindre le domaine :

# Joins this host to the AD realm set in smb.conf; net prompts for the
# account's password.
# NOTE(review): a full administrator is more privilege than a join needs - an
# account delegated only the right to join computers to the domain is enough.
# Do not append %password to -U: it would end up in the shell history and the
# process list.
net ads join -UAdministrator

Tester :

# -u lists the domain users winbind can see, which confirms that the join and
# the link to the domain controller work.
# NOTE(review): -u takes no argument; to resolve a single account use
# `wbinfo -i ID`, and `wbinfo -t` checks the machine account's trust secret.
wbinfo -u ID