net ads join -U admin проходит нормально. Получаю сообщение, что вошел в домен DIAM. Дальше:
/usr/local/bin/ntlm_auth --username=lrm
pass:****** ,
получаю: NT_STATUS_OK: Success (0x0)
А дальше ошибки. При попытке
wbinfo -a lrm выдает:
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user lrm with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_WRONG_PASSWORD (0xc000006a)
error messsage was: Wrong Password
Could not authenticate user lrm with challenge/response
Делаю шары для юзеров в самбе. lrm входит в папку pub нормально, может создавать и удалять файлы, но в папку lrm юзер lrm из винды под АД зайти не может. Выскакивает окошко с логином и паролем. Но пароль из AD не подходит.
Вот мой smb.conf:
[global]
workgroup = DIAM
server string = Samba Server
security = ads
hosts allow = 172.16.100. 127.
netbios name = nix
load printers = no
guest account = guest
log file = /var/log/samba/log.%m
max log size = 50
password server = diam-ua
realm = diam.local
winbind separator = +
encrypt passwords = yes
winbind use default domain = no
winbind uid = 10000-15000
winbind gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
use sendfile = yes
socket options = TCP_NODELAY
local master = no
wins support = yes
# Charset settings
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
# Use extended attributes to store file modes
store dos attributes = yes
map hidden = no
map system = no
map archive = no
add user script = /usr/sbin/useradd %u
add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
delete user script = /usr/sbin/userdel %u
delete user from group script = /usr/sbin/deluser %u %g
delete group script = /usr/sbin/groupdel %g
[homes]
comment = Home Directories
browseable = no
writable = yes
[ADusers]
comment = Public Stuff
path = /usr/home/samba
public = yes
writable = yes
printable = no
write list = ads
[lrm]
comment = Roman's Service
path = /usr/home/lrm
valid users = lrm
public = no
writable = yes
printable = no
[personal]
comment = PC Directories
path = /usr/home/pc/%m
public = no
writable = yes
[pub]
path = /usr/home/pub
public = yes
only guest = yes
writable = yes
printable = no
krb5.conf
[libdefaults]
default_realm = DIAM.LOCAL
clockskew = 300
ticket_lifetime = 2400
forwardable = true
proxiable = true
dns_lookup_realm = true
v4_instance_resolve = false
[realms]
DIAM.LOCAL = {
kdc = diam-ua.diam.local:88
admin_server = diam-ua.diam.local:88
default_domain = diam-ua.diam.local
}
[domain_realm]
.diam.local = DIAM.LOCAL
diam.LOCAL = DIAM.LOCAL
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_konvert = false
Версия для распечатки
Шара для юзеров AD и их аутентификация, 
Elf_UA, 22-Ноя-05, 12:58 [смотреть все]
