Folgendes steht im Logfile:
Code: Alles auswählen
[2020/03/31 11:36:48.854437, 3] ../source3/auth/auth.c:189(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [MY-LOCAL]\[my-domain-user]@[ClientPC] with the new password interface
[2020/03/31 11:36:48.854467, 3] ../source3/auth/auth.c:192(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [MY-LOCAL]\[my-domain-user]@[ClientPC]
[2020/03/31 11:36:48.854577, 3] ../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user 'my-domain-user' in passdb.
[2020/03/31 11:36:48.854608, 2] ../source3/auth/auth.c:334(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [my-domain-user] -> [my-domain-user] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2020/03/31 11:36:48.854690, 2] ../auth/auth_log.c:610(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [MY-LOCAL]\[my-domain-user] at [Di, 31 Mär 2020 11:36:48.854658 CEST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] orkstation [ClientPC] remote host [ipv4:192.168.0.100:51234] mapped to [MY-LOCAL]\[my-domain-user]. local host [ipv4:192.168.0.1:445]
{"timestamp": "2020-03-31T11:36:48.854826+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.0.1:445", "remoteAddress": "ipv4:192.168.0.100:51234", "serviceDescription": "SMB2", "authDescription": null, "clientDoma$
[2020/03/31 11:36:48.854971, 3] ../auth/gensec/spnego.c:1414(gensec_spnego_server_negTokenTarg_step)
gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_SUCH_USER
[2020/03/31 11:36:48.855057, 3] ../source3/smbd/smb2_server.c:3195(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:137
[2020/03/31 11:36:48.856349, 3] ../source3/smbd/server_exit.c:237(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
Ich habe gerade herausgefunden, dass wenn man folgenden Eintrag in die
/etc/sssd/sssd.conf hinzufügt auch das getent group / getent passwd funktioniert
Zuvor musste man immer die Gruppe oder den Benutzer mit angeben.
Der Eintrag im Log sollte das ganze Problem sein. Jedoch weiß ich nicht wie ich dem samba sage, dass es sich um AD Benutzerinformationen handelt.
Code: Alles auswählen
check_sam_security: Couldn't find user 'my-domain-user' in passdb
Ich habe das Log Level auf 6 erhöht und folgendes im Log entdeckt.
Code: Alles auswählen
[2020/04/01 11:17:51.624735, 1] ../source3/librpc/crypto/gse_krb5.c:180(fill_mem_keytab_from_secrets)
fill_mem_keytab_from_secrets: secrets_fetch_or_upgrade_domain_info(MY-LOCAL) - NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2020/04/01 11:17:51.624797, 3] ../source3/librpc/crypto/gse_krb5.c:571(gse_krb5_get_server_keytab)
../source3/librpc/crypto/gse_krb5.c:571: Warning! Unable to set mem keytab from secrets!
Also ich bin so langsam echt am verzweifeln.
Ich kann am Debian Samba alle Domain User und Gruppen anzeigen.
Ich kann mich am Debian Samba mit su domainuser anmelden.
Aber ich kann mit meinem Windows Client keine Verbindung zu der Samba Freigabe (\\SambaIP) herstellen.
Mein Windows Client und mein Samba Server sind AD Member und sollten sich mit Kerberos authentifizieren können.
Ich versteh auch nicht, weshalb der Eintrag (security = ads) in der smb.conf nicht funktioniert.
Ich verwende übrigens die Samba Version (4.9.5-Debian)
Ich habe jetzt noch die Meldung gezogen weshalb der Samba Service mit dem Eintrag (security = ads) nicht startet.
Code: Alles auswählen
Apr 02 10:40:19 SambaServer.my-local.net nmbd[436]: [2020/04/02 10:40:19.306216, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Apr 02 10:40:19 SambaServer.my-local.net nmbd[436]: *****
Apr 02 10:40:19 SambaServer.my-local.net nmbd[436]:
Apr 02 10:40:19 SambaServer.my-local.net nmbd[436]: Samba name server SambaServer is now a local master browser for workgroup my-local on subnet SambaServerIP
Apr 02 10:40:19 SambaServer.my-local.net nmbd[436]:
Apr 02 10:40:19 SambaServer.my-local.net nmbd[436]: *****
Apr 02 10:40:23 SambaServer.my-local.net sudo[561]: admin : problem with defaults entries ; TTY=pts/0 ; PWD=/home/admin ; USER=root ;
Apr 02 10:40:28 SambaServer.my-local.net sudo[561]: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/systemctl restart smbd.service
Apr 02 10:40:28 SambaServer.my-local.net sudo[561]: pam_unix(sudo:session): session opened for user root by admin(uid=0)
Apr 02 10:40:28 SambaServer.my-local.net systemd[1]: Starting Samba SMB Daemon...
-- Subject: A start job for unit smbd.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit smbd.service has begun execution.
--
-- The job identifier is 298.
Apr 02 10:40:28 SambaServer.my-local.net smbd[568]: [2020/04/02 10:40:28.779668, 0] ../source3/auth/auth_util.c:1382(make_new_session_info_guest)
Apr 02 10:40:28 SambaServer.my-local.net smbd[568]: create_local_token failed: NT_STATUS_NO_MEMORY
Apr 02 10:40:28 SambaServer.my-local.net smbd[568]: [2020/04/02 10:40:28.781277, 0] ../source3/smbd/server.c:2000(main)
Apr 02 10:40:28 SambaServer.my-local.net smbd[568]: ERROR: failed to setup guest info.
Apr 02 10:40:28 SambaServer.my-local.net systemd[1]: smbd.service: Main process exited, code=exited, status=255/EXCEPTION
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit smbd.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 255.
Apr 02 10:40:28 SambaServer.my-local.net systemd[1]: smbd.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit smbd.service has entered the 'failed' state with result 'exit-code'.
Apr 02 10:40:28 SambaServer.my-local.net systemd[1]: Failed to start Samba SMB Daemon.
-- Subject: A start job for unit smbd.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit smbd.service has finished with a failure.
--
-- The job identifier is 298 and the job result is failed.
Apr 02 10:40:28 SambaServer.my-local.net sudo[561]: pam_unix(sudo:session): session closed for user root
Apr 02 10:40:38 SambaServer.my-local.net sudo[573]: admin : problem with defaults entries ; TTY=pts/0 ; PWD=/home/admin ; USER=root ;
Apr 02 10:40:38 SambaServer.my-local.net sudo[573]: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Apr 02 10:40:38 SambaServer.my-local.net sudo[573]: pam_unix(sudo:session): session opened for user root by admin(uid=0)