My status is: it's working:
smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. > Time must be (i think) within 15 min between kdc and client > net ads info # Show AD info including time > date # Check time on local host > > Test if the client has been joined to the domain. > net ads testjoin # Shows join is ok > If you run the following command without specifying a valid domain > '--user=', or the password is incorrect, you will see this: "...Client > not found in Kerberos database" > net ads search '(objectCategory=group)' > > If you try to run the following command with a valid user, you will see > a huge dump. > net --user=myuser ads search '(objectCategory=group)' it's not working: getent group getent password or to authenticate a group.. another thing: we have: samba, winbind, kerberos, time than to be able to let an AD group to have access read, write to a folder we need acl or something else? my main issue are: how to check the kerberos works fine? all the info over the internet shows the same.. i installed x on centos to manage samba in a visual maner.. if i want to create a share and specify which users / groups can access that share i can not see the users /groups.. so, there is something fishy.... testparm from samba is ok Any help / ideea it will be appreciated:) Gabi On Thu, Jul 30, 2009 at 6:05 PM, John Stile<j...@stilen.com> wrote: > I wonder if that means that you didn't join the domain, or you aren't > joining with a domain admin account, or you aren't performing operations > using an the credentials of a domain user. > > Check you have the libs. > smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. > > Does /etc/krb5.conf look correct for your domain? > > Check you have the libs. > smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. > > Time must be (i think) within 15 min between kdc and client > net ads info # Show AD info including time > date # Check time on local host > > Test if the client has been joined to the domain. > net ads testjoin # Shows join is ok > > If you run the following command without specifying a valid domain > '--user=', or the password is incorrect, you will see this: "...Client > not found in Kerberos database" > net ads search '(objectCategory=group)' > > If you try to run the following command with a valid user, you will see > a huge dump. > net --user=myuser ads search '(objectCategory=group)' > > On Thu, 2009-07-30 at 09:26 -0500, Hoover, Tony wrote: >> Have you configured your /etc/krb5.conf file? >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba