Created attachment 8611 [details] log files I have Samba 3.6.3 on Ubuntu 12.04 LTS Server witch is part of a AD domain. I downloaded and installed PBIS Open from here: http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True Then joined the domain using the GUI, after that i installed apt-get install system-config-samba witch also installed samba and imported all the users and groups from the AD(it took 2 hours since there are a lot of users), after that i used /opt/pbis/bin/samba-interop-install witch(from what i understand) switched the databases Samba uses to the same ones it uses After that i configured the smb.conf file to my needs and everything worked as expected. The next day it stopped working with this error: root@tueilti-samba:~# smbclient -L localhost -U ga72vuk Enter ga72vuk's password: session setup failed: NT_STATUS_LOGON_FAILURE restarting didn't do anything so i messed around with the configuration and it started working again, then the next day the same error. I didn't set up any winbind or kerberos but is it possible this is due to a ticket expiring and not being renewed?(how can i test this?) I wiped the logs and restarted the smbd and nmbd service and saved the immediate output to log.smbd0 and log.nmbd0 witch is attached here then i tried: root@tueilti-samba:~# smbclient -L localhost -U ga72vuk *Anonymous login attempt* Enter ga72vuk's password: Anonymous login successful Domain=[ADS] OS=[Unix] Server=[Samba 3.6.3] tree connect failed: NT_STATUS_ACCESS_DENIED root@tueilti-samba:~# smbclient -L localhost -U ga72vuk *login attempt with user ga72vuk* Enter ga72vuk's password: session setup failed: NT_STATUS_LOGON_FAILURE and the new log data saved to log.smbd1 and log.nmbd1 i also included log.127.0.0.1 and smb.comf
I'm using PBIS Open for both samba and local log in and since the local log in was working just fine i assumed something is wrong with samba, but i just tried to leave and rejoin the domain and have run into error. Seems like this configuration isn't as good as i initially tough... Do you guys have a better suggestion as how to set up a Samba server on Ubuntu 12.04 LTS Server with AD authentication(Win2008R2)? I just can't seem to find any up to date documentation or tutorials for this scenario.
PBIS Open -- if I read that right that is what Likewise initially developed, right? Samba and winbind are quite capable on their own to join an AD domain. What are your specific requirements that winbind can not fulfill that make you use PBIS Open?
(In reply to comment #2) > PBIS Open -- if I read that right that is what Likewise initially developed, > right? > > Samba and winbind are quite capable on their own to join an AD domain. What are > your specific requirements that winbind can not fulfill that make you use PBIS > Open? Yes, PBIS Open was originally Likewise. First of, i'm quite new to Windows AD, till now i just ran and maintained my own LDAP server and pointed Samba at it by specifying the IP and OU.(using these guides to set up everthing http://tuxnetworks.blogspot.de/2010/07/howto-samba-ldap-on-1004-lucid-short.html) Now i want to make use of the existing Windows AD witch i don't maintain and only have partial admin rights for my OU. All i require is to forward user homes(to use on other machines in my environment) and a public share and limit that to a specific group in the AD, no printing or anything else is required. The PBIS Open guide made it clear and easy how to find and limit services to my AD group on the machine and Samba but the guide was actually done on Red Hat Enterprise Linux 5 desktop running Samba server version 3.0.33 but it was the only guide i could find In short all i need is authentication limited to a specific AD group for Samba(and optionally the local log in). If you have an up to date guide on how to do that on 12.04 LTS server im all for it
Sorry, none of the team uses PBIS and so we can't debug problems with it. Re-open if you can reproduce the problem after using purely Samba code. Jeremy.
(In reply to comment #4) > Sorry, none of the team uses PBIS and so we can't debug problems with it. > > Re-open if you can reproduce the problem after using purely Samba code. > > Jeremy. OK, but how do i make Samba use the AD as authentication back end? That was the purpose of PBIS
Read the docs and ask questions on the mailing list. This doesn't seem like a bug report to me, sorry. Jeremy.