Debian
nordz0r, 2021-10-27 14:27:22

How do I log in to a Samba share without specifying the domain in the login?

Good afternoon. I have:
1. A Debian 10 server running samba-ad-dc 4.9 as a domain controller holding the user accounts (domain CLOUD.DOMAIN.RU). Name: s1
2. On s1, a strongSwan VPN server that users connect to (vpn.domain.ru)
3. A Debian 11 server running Samba 4.13 as a file server.

Name: s2.cloud.domain.ru (also available via the fs.s2.domain.ru alias) won't let you). How can I make it so that only the login can be used?

Config smb.conf server s1 (DC)

# Global parameters
[global]
        netbios name = DC1
        realm = CLOUD.DOMAIN.RU
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = CLOUD
        idmap_ldb:use rfc2307 = yes
        bind interfaces only = yes 
        interfaces = 127.0.0.1 10.18.18.10
        ldap server require strong auth = no 
        domain master = yes  
        local master = yes
        preferred master = yes
        winbind use default domain = yes

        vfs objects = acl_xattr full_audit
        map acl inherit = yes
        inherit permissions = yes
        inherit owner = yes
        store dos attributes = yes

        # TLS
        tls enabled = yes
        tls keyfile = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile = tls/ca.pem

        # NTLM FIX
        ntlm auth = Yes

[netlogon]
        path = /var/lib/samba/sysvol/cloud.DOMAIN.RU/scripts
        browseable = No
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        browseable = No
        read only = No


Config smb.conf server s2 (FS)

# Global parameters
[global]
        netbios name = S2
        security = ADS
        workgroup = CLOUD
        realm = CLOUD.DOMAIN.RU
        encrypt passwords = yes
        # Default idmap config for local BUILTIN accounts and groups
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        # idmap config for the CLOUD domain
        idmap config CLOUD : backend = rid
        idmap config CLOUD : range = 10000-999999
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes

        vfs objects = acl_xattr full_audit
        map acl inherit = yes
        inherit permissions = yes
        inherit owner = yes
        store dos attributes = yes

        # Disable printers
        load printers = no
        show add printer wizard = no
        printcap name = /dev/null
        disable spoolss = yes

        # TLS
        tls enabled = yes
        tls keyfile = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile = tls/ca.pem

        # NTLM FIX
        ntlm auth = Yes
        #client ntlmv2 auth = Yes

        # LOG
        log level = 1 auth:2 vfs:1
        log file = /var/log/samba/log.%I
        max log size = 1024
        # audit
        full_audit:failure = stat
        full_audit:success = open
        full_audit:facility = local5
        full_audit:priority = notice

        # RECYCLE
        recycle:repository = .recycle/%U

# FS

[public]
        path = /data/fs4-doc
        read only = No
        write ok = Yes
        browseable = No
        guest ok = no
        public = no
        full_audit:prefix = [public] %u|%I|%S


Logs:
1. Connecting from the localhost (the domain is not entered)
[email protected]:/data# tailf /var/log/samba/log.10.18.18.101 
[2021/10/27 15:54:11.542724,  2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user  ->  -> [CLOUD\u3557] succeeded
[2021/10/27 15:54:15.184074,  2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user  ->  -> [CLOUD\u3557] succeeded
[2021/10/27 15:54:17.117996,  2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user  ->  -> [CLOUD\u3557] succeeded
[2021/10/27 15:54:19.476640,  2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user  ->  -> [CLOUD\u3557] succeeded
[2021/10/27 15:54:19.492014,  2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user  ->  -> [CLOUD\u3557] succeeded


2. Connecting via VPN (the domain is not entered)
[email protected]:/data# tailf /var/log/samba/log.10.18.20.1
[2021/10/27 15:52:39.009845,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [u3599] -> [u3599] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2021/10/27 15:52:40.588938,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [u3599] -> [u3599] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2021/10/27 15:52:42.158677,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [u3599] -> [u3599] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2021/10/27 15:52:43.736559,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [u3599] -> [u3599] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2021/10/27 15:52:45.314993,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [u3599] -> [u3599] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1


Obviously the problem is that the parameter map untrusted to domain = yes no longer exists, but how can this be worked around?
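As an added example (not part of the post), here is a small parser for the auth:2 records shown above that flags failed NTLM logons whose account name arrived without a DOMAIN\ prefix, the exact symptom in the VPN log; the sample records are constructed in the same two-line shape as the post's excerpt.

```python
import re

# Constructed sample in the two-line record shape Samba writes from
# auth_check_ntlm_password() at "log level = 1 auth:2" (shape taken from the post).
SAMPLE_LOG = r"""[2021/10/27 15:54:11.542724,  2] ../../source3/auth/auth.c:323(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user  ->  -> [CLOUD\u3557] succeeded
[2021/10/27 15:52:39.009845,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [u3599] -> [u3599] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2021/10/27 15:52:40.588938,  2] ../../source3/auth/auth.c:344(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [CLOUD\u3599] -> [CLOUD\u3599] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
"""

HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]")
# Success lines carry three slots (client user -> mapped -> resolved account);
# failure lines carry two, so the third slot and the second arrow are optional.
RESULT = re.compile(
    r"check_ntlm_password:\s+authentication for user\s*(?:\[(?P<user>[^\]]*)\])?\s*->\s*"
    r"(?:\[(?P<mapped>[^\]]*)\])?\s*(?:->)?\s*(?:\[(?P<unix>[^\]]*)\])?\s*"
    r"(?P<verdict>succeeded|FAILED)(?: with error (?P<status>NT_STATUS_\w+))?",
    re.IGNORECASE,
)

def split_account(name):
    """Split 'DOMAIN\\user' into (domain, user); domain is None when absent."""
    if name is None:
        return None, None
    domain, sep, user = name.rpartition("\\")
    return (domain if sep else None), user

def parse_auth_log(text):
    """Pair each timestamp header with its message line and return structured records."""
    records, stamp = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            stamp = h.group(1)
            continue
        m = RESULT.search(line)
        if not m or stamp is None:
            continue
        ok = m.group("verdict").lower() == "succeeded"
        # The resolved account is in the third slot on success, the first on failure.
        domain, user = split_account(m.group("unix") if ok else m.group("user"))
        records.append({"time": stamp, "domain": domain, "user": user,
                        "ok": ok, "status": m.group("status")})
        stamp = None
    return records

def domainless_failures(records):
    """Failed logons whose account name had no DOMAIN\\ prefix (the post's VPN case)."""
    return [r for r in records if not r["ok"] and r["domain"] is None]
```

Run it over /var/log/samba/log.<client-ip> to separate "no domain supplied" failures (NT_STATUS_NO_SUCH_USER with a bare username) from genuine bad-password attempts before changing the configuration.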
