I've been struggling for some time now trying to browse a samba share using my Windows Active Directory Domain user account.

The scenario is:

- Windows 2012 Active Directory Domain Controller
- Domain is currently only running at Windows Server 2003 functional level
- Fresh install of Ubuntu 16.04 LTS
- Fresh install of Samba - Version 4.3.9-Ubuntu
- "apt-get install ntp krb5-user samba cifs-utils smbclient winbind"

I've successfully joined the Ubuntu server to my AD domain and can successfully see the Ubuntu server in the computers OU in AD; it also has a DNS record in the domain. wbinfo -u also successfully shows all of my active directory users and wbinfo -g also shows the AD groups.

When I try to browse either the samba share from my windows machine it prompts with "access is denied".

This is the first time I've tried to set up samba joined to a domain and passthru authentication. Can anybody help?

krb5.conf is as follows:

    [libdefaults]
    ticket_lifetime = 24h
    default_realm = TESTDOMAIN.CO.UK
    forwardable = true

    [realms]
    TESTDOMAIN.CO.UK = {
        kdc = TESTDC
        admin_server = TESTDC
    }

    [domain_realm]
    .testdomain.co.uk = TESTDOMAIN.CO.UK
    testdomain.co.uk = TESTDOMAIN.CO.UK

    [kdc]
    profile = /etc/krb5kdc/kdc.conf

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

    [logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

---------------------------------------

/etc/nsswitch.conf is as follows

    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind
    gshadow: files
    hosts: files dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

-----------------------------

smb.conf is as follows

    [global]
    # No .tld
    workgroup = TESTDOMAIN.CO.UK
    # Active Directory System
    security = ads
    # With .tld
    realm = TESTDOMAIN.CO.UK
    # Just a member server
    domain master = no
    local master = no
    preferred master = no
    # Disable printing error log messages when CUPS is not installed.
    printcap name = /etc/printcap
    load printers = no
    # Works both in samba 3.2 and 3.6.
    idmap backend = tdb
    idmap uid = 10000-99999
    idmap gid = 10000-99999
    # no .tld
    idmap config TESTDOMAIN:backend = rid
    idmap config TESTDOMAIN:range = 10000-9999
    winbind enum users = yes
    winbind enum groups = yes
    # This way users log in with username instead of [email protected]
    winbind use default domain = yes
    # Inherit groups in groups
    winbind nested groups = yes
    winbind refresh tickets = yes
    winbind offline logon = true
    # Becomes /home/example/username
    template homedir = /home/%D/%U
    # No shell access
    template shell = /bin/false
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    restrict anonymous = 2
    log file = /var/log/samba/samba.log
    log level = 2

    [Windows]
    comment = Windows Share
    path = /usr/windows
    valid users = "@TESTDOMAIN.CO.UK\Domain Users"
    force group = "domain users"
    writable = yes
    read only = no
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes

Please help, I'm all out of ideas and I really need this to work.

Thank you
Hi Giovanna,

Try adding the following packages:

    apt-get install libnss-winbind libpam-winbind

Let me know if that helps.

Thanks
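
The nsswitch.conf in the question names `winbind` as a source for passwd, group and shadow, and glibc resolves each source by loading a module named `libnss_<source>.so.2`; `wbinfo` queries winbindd directly, so it can list users even when that module is absent. The script below is an added example, not part of the thread: it reports the account sources in an nsswitch.conf that have no module in the library directories passed to it. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report NSS sources named in
# nsswitch.conf that have no matching glibc module libnss_<source>.so.2.

# Usage: missing_nss_modules NSSWITCH_FILE LIBDIR...
# Prints one "database:source" line per source whose module is absent.
# The body runs in a subshell so that 'set -f' does not leak to the caller.
missing_nss_modules() (
    set -f                      # keep tokens like [NOTFOUND=return] literal
    conf=$1; shift
    # Drop comments, then look only at the account databases.
    sed 's/#.*//' "$conf" | while read -r db sources; do
        case $db in
            passwd:|group:|shadow:) ;;
            *) continue ;;
        esac
        for src in $sources; do
            # Skip action items such as [NOTFOUND=return].
            case $src in *=*) continue ;; esac
            found=no
            for dir in "$@"; do
                if [ -e "$dir/libnss_$src.so.2" ]; then found=yes; fi
            done
            [ "$found" = yes ] || echo "${db%:}:$src"
        done
    done
)

# Constructed sample: the account lines from the question, and a library
# directory that holds the compat module but not the winbind one.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/lib"
    printf '%s\n' 'passwd: compat winbind' 'group: compat winbind' \
        'shadow: compat winbind' 'gshadow: files' 'hosts: files dns' \
        > "$tmp/nsswitch.conf"
    : > "$tmp/lib/libnss_compat.so.2"
    missing_nss_modules "$tmp/nsswitch.conf" "$tmp/lib"
    rm -rf "$tmp"
}

demo
```

On a real host, pass `/etc/nsswitch.conf` and the system library directories (on 64-bit Ubuntu these are assumed to be `/lib/x86_64-linux-gnu` and `/usr/lib/x86_64-linux-gnu`); empty output means every listed source has a module.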