coulix
Dabbler
- Joined
- Feb 12, 2018
- Messages
- 14
Hello there ~
Freenas: FreeBSD SUPERNAS.local.chefclub.tools 11.1-STABLE FreeBSD 11.1-STABLE #0 45cac2c77(freenas/11-stable)
Samba: Version 4.7.3
I am a bit lost, having 0 expertise in Windows.
I have a samba4 running on another server acting as our domain controller.
On Mac, `username/pass` works.
On Windows, I set the CHEFCLUB workgroup and tried local.chefclub.tools/{username}, but it fails to connect.
When looking at the samba logs I see:
Mac:
```
check_ntlm_password: authentication for user [greg] -> [greg] -> [CHEFCLUB\greg] succeeded
```
Windows:
without FQDN (local.chefclub.tools):
```
check_ntlm_password: Authentication for user [greg] -> [greg] FAILED with error NT_STATUS_LOGON_FAILURE, authoritative=1
[2018/03/15 15:12:17.718309, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [THEO]\[greg] at
[Thu, 15 Mar 2018 15:12:17.718291 CET] with [NTLMv2]
status [NT_STATUS_LOGON_FAILURE] workstation [THEO] remote host
[ipv4:192.168.0.29:50074] mapped to [THEO]\[greg]. local host [ipv4:192.168.0.106:445]
```
THEO is the Windows computer's name.
With: -> Nothing, and Windows tells me that I don't have the necessary authorizations to use this network resource.
My FreeNAS smb.conf
Code:
```
[global]
    interfaces = 127.0.0.1 192.168.0.106
    bind interfaces only = yes
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 941105
    logging = file
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = yes
    ntlm auth = yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    ea support = yes
    store dos attributes = yes
    lm announce = yes
    acl allow execute always = true
    dos filemode = yes
    multicast dns register = yes
    domain logons = no
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    server role = member server
    workgroup = CHEFCLUB
    realm = LOCAL.CHEFCLUB.TOOLS
    security = ADS
    client use spnego = yes
    local master = no
    domain master = no
    preferred master = no
    ads dns update = no
    winbind cache time = 7200
    winbind offline logon = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind use default domain = yes
    winbind refresh tickets = yes
    winbind nss info = rfc2307
    idmap config CHEFCLUB: backend = rid
    idmap config CHEFCLUB: range = 20000-90000000
    allow trusted domains = no
    client ldap sasl wrapping = plain
    template shell = /bin/sh
    template homedir = /mnt/chocolat/homedir/%D/%U
    netbios name = SUPERNAS
    netbios aliases = SUPERNAS
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = no
    dos charset = CP437
    unix charset = UTF-8
    log level = 2

[openbar]
    path = "/mnt/brioche/openbar"
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    access based share enum = no
    vfs objects = zfs_space zfsacl streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
```
Krb5.conf
Code:
```
[appdefaults]
    pam = {
        forwardable = true
        ticket_lifetime = 86400
        renew_lifetime = 86400
    }

[libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    clockskew = 300
    forwardable = yes
    default_realm = LOCAL.CHEFCLUB.TOOLS

[domain_realm]
    local.chefclub.tools = LOCAL.CHEFCLUB.TOOLS
    .local.chefclub.tools = LOCAL.CHEFCLUB.TOOLS
    LOCAL.CHEFCLUB.TOOLS = LOCAL.CHEFCLUB.TOOLS
    .LOCAL.CHEFCLUB.TOOLS = LOCAL.CHEFCLUB.TOOLS

[realms]
    LOCAL.CHEFCLUB.TOOLS = {
        kdc = dc1.local.chefclub.tools
        admin_server = dc1.local.chefclub.tools
        kpasswd_server = dc1.local.chefclub.tools
        default_domain = LOCAL.CHEFCLUB.TOOLS
    }

[logging]
    default = SYSLOG:INFO:LOCAL7
```
Then, domain controller samba
Code:
```
[global]
    netbios name = DC1
    realm = LOCAL.CHEFCLUB.TOOLS
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
    workgroup = CHEFCLUB
    idmap_ldb:use rfc2307 = yes
    ldap server require strong auth = no
    dns forwarder = 8.8.8.8,8.8.4.4

[netlogon]
    path = /var/lib/samba/sysvol/local.chefclub.tools/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
```
and krb5.conf
Code:
```
[libdefaults]
    default_realm = LOCAL.CHEFCLUB.TOOLS
    dns_lookup_realm = false
    dns_lookup_kdc = true
```
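
Added example, not part of the original post: a small parser for the `Auth:` event format in the log excerpt above that compares the domain field the client sent with the server's `workgroup` and with the logged workstation name. The first sample event is the one from the post; the second is constructed for contrast, and the function names are this example's own.

```python
import re

# Field layout of Samba's human-readable authentication event, as it
# appears in the log excerpt in the post.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]*),(?P<auth_desc>[^\]]*)\] "
    r"user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\] at \[[^\]]*\] "
    r"with \[(?P<pw_type>[^\]]*)\] status \[(?P<status>[^\]]*)\] "
    r"workstation \[(?P<workstation>[^\]]*)\] "
    r"remote host \[(?P<remote>[^\]]*)\]"
)

def domain_scope(event, workgroup):
    """Say what the client-supplied domain field matches."""
    dom = event["domain"].upper()
    if dom == workgroup.upper():
        return "workgroup"        # client named the AD domain
    if dom and dom == event["workstation"].upper():
        return "workstation"      # client named its own machine
    return "other"

def parse_auth_events(log_text, workgroup):
    """Return one dict per Auth: event, with a 'scope' label added."""
    # Events may be wrapped over several lines; collapse whitespace first.
    flat = " ".join(log_text.split())
    events = []
    for m in AUTH_RE.finditer(flat):
        ev = m.groupdict()
        ev["scope"] = domain_scope(ev, workgroup)
        events.append(ev)
    return events

# Event 1 is copied from the post. Event 2 is constructed sample data.
SAMPLE_LOG = r"""
[2018/03/15 15:12:17.718309, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [THEO]\[greg] at
[Thu, 15 Mar 2018 15:12:17.718291 CET] with [NTLMv2]
status [NT_STATUS_LOGON_FAILURE] workstation [THEO] remote host
[ipv4:192.168.0.29:50074] mapped to [THEO]\[greg]. local host [ipv4:192.168.0.106:445]
Auth: [SMB2,(null)] user [CHEFCLUB]\[greg] at [Thu, 15 Mar 2018 15:20:00.000000 CET] with [NTLMv2] status [NT_STATUS_OK] workstation [THEO] remote host [ipv4:192.168.0.29:50080] mapped to [CHEFCLUB]\[greg]. local host [ipv4:192.168.0.106:445]
"""

if __name__ == "__main__":
    for ev in parse_auth_events(SAMPLE_LOG, workgroup="CHEFCLUB"):
        print(ev["remote"], ev["domain"] + "\\" + ev["user"],
              ev["pw_type"], ev["status"], "domain field matches:", ev["scope"])
```
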