[Freeipa-users] FreeIPA 3.3.3-28 Integration with Samba 4.1.1-37 Problems
Jason Smith
jasonsmith at attask.com
Tue Oct 28 18:36:58 UTC 2014
A little history. We migrated from an OpenLDAP system to FreeIPA. The IPA
version is listed above. I have samba installed and integrated directly on
the FreeIPA box.
The problem we're having is that users who were migrated can no longer see
the samba shares. We are connecting to these shares through Mac OS X. When
accessing the share with smbclient -L mydomain at domain.com I get the
response *session setup failed: NT_STATUS_CONNECTION_DISCONNECTED.* This
is the response I get when connected to the FreeIPA/Samba box.
Users were able to access these shares, then overnight, they weren't. No
changes were made to the samba config or the FreeIPA. *Any new user
created through FreeIPA can see and browse any share they have access to.*
If there's any other information needed, please let me know. Thank you!!!
Below are a couple configs I have set:
*Samba global settings*
[global]
workgroup = ATTASK
netbios name = IPA01
realm = ATTASK.CORP
passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-ATTASK-CORP.socket
kerberos method = dedicated keytab
dedicated keytab file = FILE:/etc/samba/samba.keytab
log file = /var/log/samba/log.%m
max log size = 100000
disable spoolss = Yes
domain logons = Yes
domain master = Yes
ldap group suffix = cn=groups,cn=accounts
ldap machine suffix = cn=computers,cn=accounts
ldap suffix = dc=attask,dc=corp
ldap ssl = no
ldap user suffix = cn=users,cn=accounts
registry shares = Yes
create krb5 conf = No
rpc_daemon:lsasd = fork
rpc_daemon:epmd = fork
rpc_server:tcpip = yes
rpc_server:netlogon = external
rpc_server:samr = external
rpc_server:lsasd = external
rpc_server:lsass = external
rpc_server:lsarpc = external
rpc_server:epmapper = external
ldapsam:trusted = yes
idmap config * : backend = tdb
*User Not Working:*
dn: uid=test,cn=users,cn=accounts,dc=attask,dc=corp
uid: test
sn: test
cn: test
mail: test at test.com
nsaccountlock: False
has_password: True
has_keytab: True
dialupAccess: yes
displayName: test test
emailPassword: YTdiMDE4Y2Q1N2QwOWJjZTg0OWMxZThjNTgyNTFmNTlw==
gidNumber: 107001365
givenName: test
homeDirectory: /home/test
ipaNTSecurityIdentifier: S-1-5-21-1103557689-1565082434-1264062975-2355
ipaUniqueID: 607de82c-562b-11e4-b263-5254003b1df7
krbExtraData: AAJwtE9Ucm9vdC9hZG1pbkdvvBBVFR09SUAA=
krbLastFailedAuth: 20141028151647Z
krbLastPwdChange: 20141028152120Z
krbLastSuccessfulAuth: 20141028152012Z
krbLoginFailedCount: 0
krbPasswordExpiration: 20150122152120Z
krbPrincipalName: test at ATTASK.CORP
krbTicketFlags: 128
loginShell: /sbin/nologin
memberof: cn=ipausers,cn=groups,cn=accounts,dc=attask,dc=corp
memberof: cn=attask,cn=groups,cn=accounts,dc=attask,dc=corp
memberof: cn=clientservices,cn=groups,cn=accounts,dc=attask,dc=corp
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: organizationalperson
objectClass: top
objectClass: customPersonAttributes
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: sambaSamAccount
objectClass: person
objectClass: inetuser
objectClass: krbprincipalaux
objectClass: radiusProfile
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: ipantuserattrs
radiusTunnelMediumType: IEEE-802
radiusTunnelPrivateGroupId: 1424
radiusTunnelType: VLAN
sambaPwdLastSet: 0
sambaSID: S-1-5-21-1103557689-1565082434-1264062975-5622
uidNumber: 107001355