Active directory integration not working properly with winbind and samba

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by tubaguy50035 on Server Fault See other posts from Server Fault or by tubaguy50035
Published on 2012-10-15T20:14:40Z Indexed on 2012/10/15 21:39 UTC
Read the original article Hit count: 416

Filed under:
|
|
|

I'm trying to get my linux box to use active directory authentication. I believe I have almost everything setup correctly. I'm able to issue wbinfo -g and wbinfo -u and see all the groups and users respectively.

Brief intro to my setup:

The username I use on my linux box to do admin things is nick. My active directory username is nwalke. They have two different passwords. I am able to log in to the box with nick and that user's password and I'm also able to login as nwalke with nwalke's password.

The curious bit:

Upon creating the active directory user's home directory, I run a script that requires root access. This is to setup some system wide things like a samba share for them. When I log in as nwalke, I enter my nwalke password and it succeeds. I'm then greeted with [sudo] password for nick:. If I enter my nwalke password here, it says Sorry, try again.. If I enter nick's password, it says Sorry, user nick is not allowed to execute scriptname as root.

If I do groups as nwalke, I see that magically my user has been given the group nick.

Now, I accidentally thought that nick had a UID of 100, not 1000. So originally in my smb.conf I had idmap uid 1000-10000. The only thing I can think of, is that I logged in with nwalke while that was still set and now I'm just being presented with a UID of 1000 forcing linux to think I'm nick.

I'm not really sure where to go from here. Like I said, I'm fairly certain active directory is communicating with my server properly, but something must not be mapped right on the linux side.

Any thoughts?

Here is my smb.conf:

[global]
    security = ads
    netbios name = hostname
    realm = COMPANY.COM
    password server = adshost.company.com
    workgroup = COMPANY
    idmap uid = 10000-90000
    idmap gid = 10000-90000
    winbind separator = +
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

Let me know if more information about something is required.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about active-directory

Related posts about samba

  • Unable to connect to Samba printer

    as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
    I have a headless Ubuntu 12.04 server for files and printers. It shares files via Samba just fine. However, the HP PSC-750xi connected to the server via USB is not accessible from my Ubuntu 12.04 laptop. I can browse for it in the Printing control panel, but any attempt to authenticate my ID to the… >>> More

  • Samba folder is gone

    as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
    I seem to have some issues sharing folders from my Ubuntu 12.04 machine to a Win7 machine. After playing around with the settings, I decided to revert to Samba's original setting by reinstalling it: sudo apt-get purge samba sudo rm -rf /etc/samba/ /etc/default/samba sudo apt-get install samba just… >>> More

  • Samba on OS X 10.6.4

    as seen on Server Fault - Search for 'Server Fault'
    I just updated from 10.6.3 to 10.6.4, and now my Samba shares won't mount and won't allow access into the directories. In the logs, I've started to get the following errors, any idea what might have gone wrong? 2010/06/25 15:54:27, 0, pid=13848] /SourceCache/samba/samba-235.4/samba/source/passdb/secrets… >>> More

  • OpenLDAP and Samba, can't log onto Samba share from Windows

    as seen on Server Fault - Search for 'Server Fault'
    The former jackass IT-guy that I'm taking over for had a Samba share setup on a Fedora server that uses our OpenLDAP server to authenticate users who want to log in from Windows. We recently added a new employee and I jumped through the LDAP hoops to add them to the system. However, I can't seem… >>> More

  • Windows 7 Samba issue

    as seen on Server Fault - Search for 'Server Fault'
    We have a strange samba issue affecting only one user. Our samba setup is as follow : Red Hat Enterprise Linux Server release 5.4 (Tikanga) - Samba Server Samba version 3.0.33-3.14.el5 - Samba version Domain Controller WIN2008R2 Standard -… >>> More

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle