forum.opennet.ru

Составление сообщения

Исходное сообщение

"Samba 4   AD2008R2  проблема Аутентификации  "
Отправлено peering, 29-Сен-15 16:33

Поставил debian 8.1 там уже 4 samba, домен на AD2008R2
Что я только не делал, не получается авторизоваться пользователю.

В домен ввёл ,  кажется проблема в директиве valid users = @"AD\Domain admins" тут как только не пробовал и полностью домен , и без слеша , и пользователя отдельно.

wbinfo -g
domain admins
denied rodc password replication group
cert publishers
schema admins
enterprise admins
group policy creator owners
domain users
domain computers
dnsadmins
dnsupdateproxy
dhcp users
Домен вида AD.24.RU не знаю зачем так сделали )))))
smb.conf
[global]
    workgroup =  AD
    realm = AD.24.RU
    netbios name = 1tb
    security = ADS
    encrypt passwords = true
    dns proxy = no
    socket options = TCP_NODELAY
    log file = /var/log/samba/log.%m
    max log size = 500....
#### Reg-raboty
   domain master = no
   local master = no
   preferred master = no
   os level = 0
   domain logons = no
   wins support = no
#### PRINTERS
.
  load printers = no
   show add printer wizard = no
   printcap name = /dev/null
   disable spoolss = yes
####
..
    idmap uid = 10000 - 40000
    idmap gid = 10000 - 40000
    winbind enum groups = yes
    winbind enum users = yes
    winbind use default domain = yes
    template shell = /bin/bash
    template homedir = /var/shara/%D/%U
    winbind refresh tickets = yes
    winbind offline logon = yes
    winbind cache time = 1440

[shara]
    path = /var/shara
    read only = no
    browseable = yes
    inherit permissions = no
    admin users = @"AD\Domain admins"
    valid users =  @"AD\Domain admins"
    write list =  @"AD\Domain admins"

-----
в логах пишет
2015/09/29 19:13:40.060271,  2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2015/09/29 19:13:40.100792,  1] ../source3/param/loadparm.c:3179(lp_do_parameter)
  WARNING: The "idmap uid" option is deprecated
[2015/09/29 19:13:40.100875,  1] ../source3/param/loadparm.c:3179(lp_do_parameter)
  WARNING: The "idmap gid" option is deprecated
[2015/09/29 19:13:40.101027,  2] ../source3/param/loadparm.c:3582(do_section)
  Processing section "[shara]"
[2015/09/29 19:13:40.104475,  2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [xxx] -> [xxx] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/09/29 19:13:40.104560,  2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_SUCH_USER
---------------------------------------
xxx пользователь в группе domain admins
smbd.log

WARNING: The "idmap uid" option is deprecated
[2015/09/29 19:13:27.322028,  1] ../source3/param/loadparm.c:3179(lp_do_parameter)
  WARNING: The "idmap gid" option is deprecated
[2015/09/29 19:13:27.322130,  2] ../source3/param/loadparm.c:3582(do_section)
  Processing section "[shara]"
[2015/09/29 19:13:27.322328,  2] ../source3/lib/interface.c:341(add_interface)
  added interface eth0 ip=192.168.0.183 bcast=192.168.0.255 netmask=255.255.255.0
[2015/09/29 19:13:27.332642,  0] ../lib/util/become_daemon.c:136(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connectionswaiting for connections
[2015/09/29 19:14:27.372953,  2] ../source3/smbd/server.c:419(remove_child_pid)
  Could not find child 1521 -- ignoring
[2015/09/29 19:15:27.434786,  2] ../source3/smbd/server.c:419(remove_child_pid)
  Could not find child 1536 -- ignoring
[2015/09/29 19:16:26,  0] ../source3/smbd/server.c:1189(main)
  smbd version 4.1.17-Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/09/29 19:16:26.197236,  0] ../lib/util/become_daemon.c:136(daemon_ready)
[2015/09/29 19:17:18,  0] ../source3/smbd/server.c:1189(main)
  smbd version 4.1.17-Debian started.

Исходное сообщение
"Samba 4 AD2008R2 проблема Аутентификации " Отправлено peering, 29-Сен-15 16:33
Поставил debian 8.1 там уже 4 samba, домен на AD2008R2 Что я только не делал, не получается авторизоваться пользователю. В домен ввёл , кажется проблема в директиве valid users = @"AD\Domain admins" тут как только не пробовал и полностью домен , и без слеша , и пользователя отдельно. wbinfo -g domain admins denied rodc password replication group cert publishers schema admins enterprise admins group policy creator owners domain users domain computers dnsadmins dnsupdateproxy dhcp users Домен вида AD.24.RU не знаю зачем так сделали ))))) smb.conf [global] workgroup = AD realm = AD.24.RU netbios name = 1tb security = ADS encrypt passwords = true dns proxy = no socket options = TCP_NODELAY log file = /var/log/samba/log.%m max log size = 500.... #### Reg-raboty domain master = no local master = no preferred master = no os level = 0 domain logons = no wins support = no #### PRINTERS . load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes #### .. idmap uid = 10000 - 40000 idmap gid = 10000 - 40000 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes template shell = /bin/bash template homedir = /var/shara/%D/%U winbind refresh tickets = yes winbind offline logon = yes winbind cache time = 1440 [shara] path = /var/shara read only = no browseable = yes inherit permissions = no admin users = @"AD\Domain admins" valid users = @"AD\Domain admins" write list = @"AD\Domain admins" ----- в логах пишет 2015/09/29 19:13:40.060271, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER [2015/09/29 19:13:40.100792, 1] ../source3/param/loadparm.c:3179(lp_do_parameter) WARNING: The "idmap uid" option is deprecated [2015/09/29 19:13:40.100875, 1] ../source3/param/loadparm.c:3179(lp_do_parameter) WARNING: The "idmap gid" option is deprecated [2015/09/29 19:13:40.101027, 2] ../source3/param/loadparm.c:3582(do_section) Processing section "[shara]" [2015/09/29 19:13:40.104475, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [xxx] -> [xxx] FAILED with error NT_STATUS_NO_SUCH_USER [2015/09/29 19:13:40.104560, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER --------------------------------------- xxx пользователь в группе domain admins smbd.log WARNING: The "idmap uid" option is deprecated [2015/09/29 19:13:27.322028, 1] ../source3/param/loadparm.c:3179(lp_do_parameter) WARNING: The "idmap gid" option is deprecated [2015/09/29 19:13:27.322130, 2] ../source3/param/loadparm.c:3582(do_section) Processing section "[shara]" [2015/09/29 19:13:27.322328, 2] ../source3/lib/interface.c:341(add_interface) added interface eth0 ip=192.168.0.183 bcast=192.168.0.255 netmask=255.255.255.0 [2015/09/29 19:13:27.332642, 0] ../lib/util/become_daemon.c:136(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connectionswaiting for connections [2015/09/29 19:14:27.372953, 2] ../source3/smbd/server.c:419(remove_child_pid) Could not find child 1521 -- ignoring [2015/09/29 19:15:27.434786, 2] ../source3/smbd/server.c:419(remove_child_pid) Could not find child 1536 -- ignoring [2015/09/29 19:16:26, 0] ../source3/smbd/server.c:1189(main) smbd version 4.1.17-Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2013 [2015/09/29 19:16:26.197236, 0] ../lib/util/become_daemon.c:136(daemon_ready) [2015/09/29 19:17:18, 0] ../source3/smbd/server.c:1189(main) smbd version 4.1.17-Debian started.

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> Поставил debian 8.1 там уже 4 samba, домен на AD2008R2 > Что я только не делал, не получается авторизоваться пользователю. > В домен ввёл , кажется проблема в директиве valid users = > @"AD\Domain admins" тут как только не пробовал и полностью домен , > и без слеша , и пользователя отдельно. > wbinfo -g > domain admins > denied rodc password replication group > cert publishers > schema admins > enterprise admins > group policy creator owners > domain users > domain computers > dnsadmins > dnsupdateproxy > dhcp users > Домен вида AD.24.RU не знаю зачем так сделали ))))) > smb.conf > [global] > workgroup = AD > realm = AD.24.RU > netbios name = 1tb > security = ADS > encrypt passwords = true > dns proxy = no > socket options = TCP_NODELAY > log file = /var/log/samba/log.%m > max log size = 500.... > #### Reg-raboty > domain master = no > local master = no > preferred master = no > os level = 0 > domain logons = no > wins support = no > #### PRINTERS > . > load printers = no > show add printer wizard = no > printcap name = /dev/null > disable spoolss = yes > #### > .. > idmap uid = 10000 - 40000 > idmap gid = 10000 - 40000 > winbind enum groups = yes > winbind enum users = yes > winbind use default domain = yes > template shell = /bin/bash > template homedir = /var/shara/%D/%U > winbind refresh tickets = yes > winbind offline logon = yes > winbind cache time = 1440 > [shara] > path = /var/shara > read only = no > browseable = yes > inherit permissions = no > admin users = @"AD\Domain admins" > valid users = @"AD\Domain admins" > write list = @"AD\Domain admins" > ----- > в логах пишет > 2015/09/29 19:13:40.060271, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg) > SPNEGO login failed: NT_STATUS_NO_SUCH_USER > [2015/09/29 19:13:40.100792, 1] ../source3/param/loadparm.c:3179(lp_do_parameter) > WARNING: The "idmap uid" option is deprecated > [2015/09/29 19:13:40.100875, 1] ../source3/param/loadparm.c:3179(lp_do_parameter) > WARNING: The "idmap gid" option is deprecated > [2015/09/29 19:13:40.101027, 2] ../source3/param/loadparm.c:3582(do_section) > Processing section "[shara]" > [2015/09/29 19:13:40.104475, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) > check_ntlm_password: Authentication for user [xxx] -> [xxx] FAILED with > error NT_STATUS_NO_SUCH_USER > [2015/09/29 19:13:40.104560, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg) > SPNEGO login failed: NT_STATUS_NO_SUCH_USER > --------------------------------------- > xxx пользователь в группе domain admins > smbd.log > WARNING: The "idmap uid" option is deprecated > [2015/09/29 19:13:27.322028, 1] ../source3/param/loadparm.c:3179(lp_do_parameter) > WARNING: The "idmap gid" option is deprecated > [2015/09/29 19:13:27.322130, 2] ../source3/param/loadparm.c:3582(do_section) > Processing section "[shara]" > [2015/09/29 19:13:27.322328, 2] ../source3/lib/interface.c:341(add_interface) > added interface eth0 ip=192.168.0.183 bcast=192.168.0.255 netmask=255.255.255.0 > [2015/09/29 19:13:27.332642, 0] ../lib/util/become_daemon.c:136(daemon_ready) > STATUS=daemon 'smbd' finished starting up and ready to serve connectionswaiting > for connections > [2015/09/29 19:14:27.372953, 2] ../source3/smbd/server.c:419(remove_child_pid) > Could not find child 1521 -- ignoring > [2015/09/29 19:15:27.434786, 2] ../source3/smbd/server.c:419(remove_child_pid) > Could not find child 1536 -- ignoring > [2015/09/29 19:16:26, 0] ../source3/smbd/server.c:1189(main) > smbd version 4.1.17-Debian started. > Copyright Andrew Tridgell and the Samba Team 1992-2013 > [2015/09/29 19:16:26.197236, 0] ../lib/util/become_daemon.c:136(daemon_ready) > [2015/09/29 19:17:18, 0] ../source3/smbd/server.c:1189(main) > smbd version 4.1.17-Debian started.
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру