  1. #1

    Samba with ADS authentication

    I managed to set this up on a test box, and it is working fine. However, I now have to set it up on a replica of a live system, in a test network, and I have no idea how to troubleshoot it.
    Running samba3-3.4.11-42.el5 on RHEL5.5

    smb.conf has:
    workgroup = XXX
    realm = XXX.COM
    security = ads
    # use kerberos keytab = yes

    krb5.conf has:
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    default_realm = XXX.COM
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

    XXX.COM = {
    kdc = ANIMAL.XXX.COM:88
    # admin_server =
    # default_domain =

    [domain_realm] = EXAMPLE.COM = EXAMPLE.COM

    pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false

    And nsswitch has:
    passwd: files winbind
    shadow: files winbind
    group: files winbind

    Here is what I did:
    1. Upgrade samba client from the base version (3.0.X) to 3.4
    2. Install the corresponding server and winbind
    3. Copy nsswitch, smb.conf and krb5.conf to the server.
    4. Ran kinit admin. This worked.
    5. Ran klist. This showed the correct domain token.
    6. Ran kdestroy
    7. Ran "join ads -U admin". This worked.
    8. When I run "net ads testjoin" it says join is ok.

    HOWEVER when I try to browse to the server, it pops up a login box. When I check the logs it is giving:
    check_ntlm_password: Checking password for unmapped user [XXX]\[brian]@[soundwave] with the new password interface

    So it's not mapping the users to ADS.

    I have no idea how I managed to get it working on the other system.

    I have obviously forgotten something.

  2. #2
    I can see the users and groups with wbinfo -g and -u.

    Why is samba not using winbind to look up the user?
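
An added example, not part of the thread: a Python check that the three files copied in step 3 of post #1 agree with each other on the realm and on winbind lookups. The file contents are constructed from the settings quoted in that post, with section headers assumed; `sections` and `check` are hypothetical helper names.

```python
import re

# Constructed samples mirroring the post's settings; section headers are
# assumed, and XXX.COM is the post's own placeholder.
SMB_CONF = "[global]\nworkgroup = XXX\nrealm = XXX.COM\nsecurity = ads\n"
KRB5_CONF = """[libdefaults]
default_realm = XXX.COM
[realms]
XXX.COM = {
  kdc = ANIMAL.XXX.COM:88
}
[domain_realm]
example.com = EXAMPLE.COM
"""
NSSWITCH = "passwd: files winbind\nshadow: files winbind\ngroup: files winbind\n"

def sections(text):
    """Split an ini-style file into {section: {key: value}} (keys lower-cased)."""
    out, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = out.setdefault(m.group(1).lower(), {})
        elif "=" in line and cur is not None:
            k, v = (p.strip() for p in line.split("=", 1))
            cur[k.lower()] = v
    return out

def check(smb_text, krb_text, nss_text):
    """Return a list of findings; empty means the three files agree."""
    smb = sections(smb_text).get("global", {})
    krb = sections(krb_text)
    realm = smb.get("realm", "")
    findings = []
    if smb.get("security", "").lower() != "ads":
        findings.append("smb.conf: security is not ads")
    if krb.get("libdefaults", {}).get("default_realm") != realm:
        findings.append("krb5.conf: default_realm differs from smb.conf realm")
    if realm.lower() not in krb.get("realms", {}):
        findings.append("krb5.conf: no [realms] entry for " + realm)
    if realm not in krb.get("domain_realm", {}).values():
        findings.append("krb5.conf: [domain_realm] does not map to " + realm)
    nss = dict(l.split(":", 1) for l in nss_text.splitlines() if ":" in l)
    for db in ("passwd", "group"):
        if "winbind" not in nss.get(db, "").split():
            findings.append("nsswitch.conf: %s does not list winbind" % db)
    return findings
```

On the constructed input, `check(SMB_CONF, KRB5_CONF, NSSWITCH)` reports only the `[domain_realm]` entry that still names EXAMPLE.COM; a finding is an inconsistency to look at, not a diagnosis of the login prompt.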
