Re: AW: [Samba] Help for Samba 3 and Win ADS

[Denis M.J.]

Hi Dieter,

There are several things you need to set up on the samba server for AD 
user to have access to it.

* To be in the AD/domain
   - smb.conf with the proper security mode, password server and realm
   - net join the AD
   - make sure the samba machine shows up in the list of trusted 
computers and is properly accessible (DNS and that kind)
   - make sure smbd, nmbd and winbind run
      you can than check the list of users with the command
       $ getent passwd

* To let users access unix services
   - set up nsswitch.conf so passwd and group also use winbind
   - set up pam properly, ie let it use winbind too.
I think this should work. At least that's what the doc says.
I am not really familiar with the error you're getting but it might be 
because you're not using winbind.
Quote from the doc:
"If winbindd is not running, smbd (which calls winbindd) will fall back to
using purely local information from /etc/passwd and /etc/group and no
dynamic mapping will be used."

So make sure winbind is running, the HOWTO explains how to add it to you 
/etc/init.d/samba.
It might vary depending on where you got samba from (official package or 
distribution package).
Chapter 21 is on winbind.

I hope it works out for you.
Denis
Dieter Wilkens wrote:

Hi Denis,

I just tried this but still I can't log on the samba server with a domain user!

If I try to do so I get the error:

[2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017)
 make_server_info_info3: pdb_init_sam failed!
in the log file of the client on samba server...

Is there anytihng else I have to adjust on the samba server?
I sucessfully joined the domain with ADS and can see the server from my windows 
machine - but as soon as I try to connect I get the error (exept with one user that I 
created on the linux server....)!
Any ideas?

Here is my smb.conf

**********************************************************************

#======================= Global Settings =======================
[global]
       log file = /var/log/samba/log.%m
       server string = %h server (Samba %v)
       socket options = TCP_NODELAY
       encrypt passwords = yes
       security = ads
       realm = <MYREALM>
       workgroup = <MYDOMAIN>
       password server = <MYWINPDC>
       syslog = 0
#====================== Shares =================================
[daten]
comment = Daten auf Debian 
path = /daten
browsable = yes
guest ok = yes

**********************************************************************



-----Urspr?ngliche Nachricht-----
Von: Denis M.J. [mailto:[EMAIL PROTECTED] 
Gesendet: Dienstag, 28. Oktober 2003 21:52
An: Dieter Wilkens
Cc: [EMAIL PROTECTED]
Betreff: Re: [Samba] Help for Samba 3 and Win ADS

If you're joining the AD you can use the mode ADS with the lines # smb.conf:
   security = ADS
   realm =  your.kerberos.realm
   encrypt passwords = yes
   password server = MYWINPDC
please refer to section 7.4 (Domain Membership - Samba ADS Domain 
Membership) in the HOWTO.



Dieter Wilkens wrote:

 

Thanks for that hint.
I downloaded the HOTO and tried to make everything like descibed there 
but it is still not working ;-(

I set the 'security = domain" the 'workgroup = MYDOMAIN' and the 
'password server = MYWINPDC' in the smb.conf and restartet samba. After 
that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get 
the following result:

'realm must be set in smb.conf for ADS join to succeed.
ADS join did not work, faling back to RPC...
Joined domain MYDOMAIN'


   

From the PDC I can see the sambe server in ADS and in the network
       

  

     

neighborhood. If I try to connect samba asks for a username and 
password (should be OK with the DOMAIN-Admin.....). So I type in the 
Admin and PAssword but without getting a connection. In the logfile on 
the samba server there are the following lines in
'log.MYWINPDC':

'[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
make_server_info_info3: pdb_init_sam failed!
[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
make_server_info_info3: pdb_init_sam failed!
[2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017)
nake_server_info_info3: pdb_init_sam failed!'
Any ideas wahts going wrong here?

Regards

 Dieter

"Adam Williams" <[EMAIL PROTECTED]> schrieb im Newsbeitrag 
news:[EMAIL PROTECTED]

   

Just started to play around with Samba 3 (on debian 3.0) and a 
win2000 domain. Can anyone help me to integrate the Samba server into 
the win domain? It should act as a file server for the useres and 
groups from
    

       

win

   

and therefor I need different rights and permissions for the 
shares... Any help is appreciated ;-)
    

       

See the Samba-HOWTO-Collection available on the Samba website.  It 
covers this in detail.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
  

     



   



 



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba