When I login the samba server, it complains: Access denied. But everything seems OK.I have setup the krb5.conf, samba.conf, nsswitch.conf, and kinit aduser@DOMAIN.NET, wbinfo -a DOMAIN/aduser%thepasswd works fine, and both of wbinfo -u and wbinfo -g list the users and groups from AD, and getent passwd also list the users from AD. The global section in smb.conf is as following:
workgroup = DOMAIN
security = ads
realm = DOMAIN.NET
preferred master = no
encrypt passwords = yes
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
idmap uid = 654321-854321
idmap gid = 654321-854321
template shell = /bin/bash
Could someone give me some suggestion?
FIXED. It seems there is something wrong with winbind separator = /. I comment out this line(this will take the default MS AD separator ) or set winbind separator = + and login with the format: domain\aduser or domain+aduser. It works. Hope this helpful.