Ubuntu Samba as a file sharing server in a Windows 2003 AD domain - help needed

oocd0000
Posts: 2
Joined: 2015-03-03 21:21

Ubuntu Samba as a file sharing server in a Windows 2003 AD domain - help needed

#1

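Post by oocd0000 » 2015-03-03 22:03

I want to set up a file server where logins and permissions are controlled through domain accounts. I'm new to Linux and there is a lot I don't understand; I looked up documentation and built the environment by following it, but ran into a problem.
I'm asking the experts for guidance.

Environment: Win2003 Standard AD+DNS.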
Ubuntu server 14.10 + Samba version: 2:4.1.11+dfsg-1ubuntu2.2

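Error description:
From Windows I can open \\ubuntu samba and see the shared directory, but when I click into the directory I am prompted for an account and password; I tried every domain account and none of them can get in.
Does Linux Samba need some kind of mapping between domain accounts and local accounts? It feels like an account permission problem.

The server has joined the domain successfully; the Ubuntu Samba server is visible from the Win2003 AD, and wbinfo -u -g shows the domain's accounts and groups.
Below are smb.conf, nsswitch.conf, krb5.conf and the testparm output; let me know if any other information is needed.

smb.conf settings: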
#======================= Global Settings =======================

[global]

workgroup = MHETEST

# server string is the equivalent of the NT Description field
server string = cd-files01(Ubuntu)
security = ads
os level =33
realm = MHETEST.COM
client use spnego = yes
domain master = no
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%D/%U

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

#### Networking ####


#### Debugging/Accounting ####

log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = member server
passdb backend = tdbsam
obey pam restrictions = yes

unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

map to guest = bad user

########## Domains ###########



############ Misc ############
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

usershare allow guests = yes

#======================= Share Definitions =======================


[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0770
[testshare]
comment = test share
browseable = yes
path = /home/share
printable = no
writeable = yes
valid users = admin,test01 #domain users; no local account with this name
write list = admin,test01 #domain users; no local account with this name

# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

; write list = root, @lpadmin

nsswitch.conf configuration:
passwd: files winbind
group: files winbind
shadow: files winbind

hosts: files dns wins
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

krb5.conf configuration:
root@CD-SRV01:~# vi /etc/krb5.conf
[libdefaults]
Default_realm = MHETEST.COM

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
MHETEST.COM = {
kdc = 192.168.3.200:88
admin_server = 192.168.3.200
default_domain = mhetest.com
}
[domain_realm]
.mhetest.com = MHETEST.COM
mhetest.com = MHETEST.COM
[login]
krb4_convert = true
krb4_get_tickets = false


testparm output:
root@CD-SRV01:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[printers]"
Processing section "[testshare]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
poloshiao
Forum moderator
Posts: 18279
Joined: 2009-08-04 16:33

Re: Ubuntu Samba as a file sharing server in a Windows 2003 AD domain - help needed

#2

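Post by poloshiao » 2015-03-04 3:53

but when I click into the directory I am prompted for an account and password; I tried every domain account and none of them can get in.
1. Try (Ubuntu Samba Server)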
https://help.ubuntu.com/stable/servergu ... ba-dc.html
sudo smbpasswd -a sysadmin

2. If that still doesn't work, try (Windows 2003)
https://www.imss.caltech.edu/node/395
Enabling NTLMv2 on Windows Server 2003 Computers

3. See
https://help.ubuntu.com/stable/serverguide/samba.html
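An added example, not part of either post: a small Python linter run over a constructed excerpt of the smb.conf from post #1. It flags three things a reviewer would check in that file: a note typed after a value (smb.conf only treats a line that begins with `#` or `;` as a comment, so the note becomes part of the value), no active idmap range for winbind to map domain users into, and guest fallback via `map to guest`. The function names and finding codes are hypothetical, and the findings are checks on the file, not a confirmed cause of the login prompt.

```python
import re

# Constructed excerpt of the smb.conf in post #1 (trailing notes shortened).
SAMPLE = """\
[global]
security = ads
map to guest = bad user
; idmap uid = 10000-20000
; idmap gid = 10000-20000
[testshare]
path = /home/share
valid users = admin,test01 #domain users
write list = admin,test01 #domain users
"""

def parse(text):
    """Return {section: {param: value}}. As in smb.conf, only a line that
    starts with '#' or ';' is a comment; the rest of a line is the value."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def lint(text):
    """Return a sorted list of (section, parameter, finding-code) tuples."""
    conf, out = parse(text), []
    glob = conf.get("global", {})
    for sec, params in conf.items():
        for key, value in params.items():
            if re.search(r"\s[#;]", value):      # note typed after the value
                out.append((sec, key, "trailing-comment-in-value"))
    has_range = any(k in ("idmap uid", "idmap gid") or
                    (k.startswith("idmap config") and k.endswith("range"))
                    for k in glob)
    if glob.get("security", "").lower() == "ads" and not has_range:
        out.append(("global", "idmap", "no-idmap-range"))
    if glob.get("map to guest", "never").lower() != "never":
        out.append(("global", "map to guest", "guest-fallback"))
    return sorted(out)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```

On the member server itself, `wbinfo -i <user>` and `getent passwd <user>` show whether winbind can actually resolve a domain account to a uid, which `wbinfo -u` alone does not.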