Find the answer to your Linux question:
Results 1 to 1 of 1
Hi there, I’m having a few problems getting a single Debian Etch box (kernel 2.6.18-4-486), using Samba 3.0.24-6, to communicate with an Active Directory system on a Small Business Server ...
  1. 06-18-2007 #1
    developer david
    developer david is offline
    Just Joined!
    Join Date
    Jun 2007
    Posts
    1

    Question Problems with Samba/Active Directory

    Hi there,

    I’m having a few problems getting a single Debian Etch box (kernel 2.6.18-4-486), using Samba 3.0.24-6, to communicate with an Active Directory system on a Small Business Server 2003 box (version 5.2 service pack 2). The steps I’ve taken are:

    1. Confirmed both FQNL and reverse lookup is being performed and can be viewed on the Debian machine.
    2. Made sure that PAM, Kerberos (1.4.4-7), winbind and Samba are installed.
    3. Confirmed that the required Kerberos tickets are created with the command:

    kinit administrator@WIN.OFFICE.COMPANYNAME.COM

    klist (which stated the tickets were created and would expire the next day)

    4. Created a user account called ‘administrator’ on the Linux box, which has the same password as the one on the Win Small Business server 2003 box (acting as PDC, KDC and DNS). I also only created the administrator with only basic user right as I was not sure if the user should have the same sort of rights as that on the SBS 2003 machine, who is a super user. I have created two identical users as I understand that I then do not have to set up winbind.
    5. I’ve modified the standard krb5.conf file with the details:

    [realms]
    OFFICE.COMPANYNAME.COM = {
    kdc = sbserver.win.office.companyname.com
    admin_server = sbserver.win.office.companyname.com
    }

    6. I’ve modified the smb.conf file, with the details:

    [global]
    security = ads
    password server = sbserver
    encrypt passwords = yes
    workgroup = win
    realm = WIN.OFFICE.COMPANYNAME.COM
    netbios name = DBLINUX
    idmap uid = 10000-20000
    idman gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = Yes

    7. When a permissions problem seemed to occur on the Secret.tdb, I made it possible that all users could both read and write to it.
    8. I’ve noted that smbd, nmbd and winbind are started when I reboot.
    9. Once I’ve logging in as the administrator I’m trying to connect with the command:

    net ads join –W win –S sbserver –U administrator

    The message I receive after I’ve asked for the password and then have entered it is:

    libsmb/cliconnect.c:cli_session_setup_spnego(785)

    kinit failed krb5 error code 68

    Failed to join domain!

    Also just to confirm:

    Domain name = win
    Fully qualified domain name = win.office.companyname.com
    Host name of domain controller, which also has Kerberos server and Active Directory server = sbserver

    I am a bit new to Debian linux so please excuse newbie mistakes,

    Regards and thanks for any help,

    Dave.
    Last edited by developer david; 06-18-2007 at 05:18 PM. Reason: Was not very clear.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules