Поставил debian 8.1 там уже 4 samba, домен на AD2008R2
Что я только не делал, не получается авторизоваться пользователю.
В домен ввёл , кажется проблема в директиве valid users = @"AD\Domain admins" тут как только не пробовал и полностью домен , и без слеша , и пользователя отдельно.
wbinfo -gdomain admins
denied rodc password replication group
cert publishers
schema admins
enterprise admins
group policy creator owners
domain users
domain computers
dnsadmins
dnsupdateproxy
dhcp usersДомен вида AD.24.RU не знаю зачем так сделали )))))
smb.conf
[global]
workgroup = AD
realm = AD.24.RU
netbios name = 1tb
security = ADS
encrypt passwords = true
dns proxy = no
socket options = TCP_NODELAY
log file = /var/log/samba/log.%m
max log size = 500....
#### Reg-rabotydomain master = no
local master = no
preferred master = no
os level = 0
domain logons = no
wins support = no
#### PRINTERS
.
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes####
..
idmap uid = 10000 - 40000
idmap gid = 10000 - 40000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
template shell = /bin/bash
template homedir = /var/shara/%D/%U
winbind refresh tickets = yes
winbind offline logon = yes
winbind cache time = 1440
[shara]
path = /var/shara
read only = no
browseable = yes
inherit permissions = no
admin users = @"AD\Domain admins"
valid users = @"AD\Domain admins"
write list = @"AD\Domain admins"
-----в логах пишет
2015/09/29 19:13:40.060271, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2015/09/29 19:13:40.100792, 1] ../source3/param/loadparm.c:3179(lp_do_parameter)
WARNING: The "idmap uid" option is deprecated
[2015/09/29 19:13:40.100875, 1] ../source3/param/loadparm.c:3179(lp_do_parameter)
WARNING: The "idmap gid" option is deprecated
[2015/09/29 19:13:40.101027, 2] ../source3/param/loadparm.c:3582(do_section)
Processing section "[shara]"
[2015/09/29 19:13:40.104475, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [xxx] -> [xxx] FAILED with error NT_STATUS_NO_SUCH_USER
[2015/09/29 19:13:40.104560, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_SUCH_USER---------------------------------------
xxx пользователь в группе domain adminssmbd.log
WARNING: The "idmap uid" option is deprecated
[2015/09/29 19:13:27.322028, 1] ../source3/param/loadparm.c:3179(lp_do_parameter)
WARNING: The "idmap gid" option is deprecated
[2015/09/29 19:13:27.322130, 2] ../source3/param/loadparm.c:3582(do_section)
Processing section "[shara]"
[2015/09/29 19:13:27.322328, 2] ../source3/lib/interface.c:341(add_interface)
added interface eth0 ip=192.168.0.183 bcast=192.168.0.255 netmask=255.255.255.0
[2015/09/29 19:13:27.332642, 0] ../lib/util/become_daemon.c:136(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve connectionswaiting for connections
[2015/09/29 19:14:27.372953, 2] ../source3/smbd/server.c:419(remove_child_pid)
Could not find child 1521 -- ignoring
[2015/09/29 19:15:27.434786, 2] ../source3/smbd/server.c:419(remove_child_pid)
Could not find child 1536 -- ignoring
[2015/09/29 19:16:26, 0] ../source3/smbd/server.c:1189(main)
smbd version 4.1.17-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/09/29 19:16:26.197236, 0] ../lib/util/become_daemon.c:136(daemon_ready)
[2015/09/29 19:17:18, 0] ../source3/smbd/server.c:1189(main)
smbd version 4.1.17-Debian started.
>[оверквотинг удален]
> denied rodc password replication group
> cert publishers
> schema admins
> enterprise admins
> group policy creator owners
> domain users
> domain computers
> dnsadmins
> dnsupdateproxy
> dhcp usersА что показывает wbinfo -u, wbinfo -t ?
У вас конфиг от самбы 3.Х, в 4-ке немного другой...
>[оверквотинг удален]
>> schema admins
>> enterprise admins
>> group policy creator owners
>> domain users
>> domain computers
>> dnsadmins
>> dnsupdateproxy
>> dhcp users
> А что показывает wbinfo -u, wbinfo -t ?
> У вас конфиг от самбы 3.Х, в 4-ке немного другой...wbinfo -u
guest
krbtgt
admin
xxx
qwe
iusr_1nsrv
bux2
rad
rtv
romant
pienov
sklyar
diner
trи т.д
wbinfo -t
checking the trust secret for domain AD via RPC calls succeeded
я уже конфигов 5 перепробовал, есть рабочий ?