Greetings all.

I am banging my head about this one, I will try to be as specific as
possible, bear with me please.

I have a W2KDC ADC, and am trying to join a Samba 3 Linux workstation to it.

What works:

net join: succeeded

wbinfo -t: checking the trust secret via RPC calls succeeded

wbinfo -m: return to prompt, no output

wbinfo -u: correct list of local + AD members

wbinfo -g: correct list of local + AD groups

kinit: succeeded

klist output for root from the samba machine:
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
11/04/03 23:35:33  11/05/03 09:35:33  krbtgt/[EMAIL PROTECTED]
11/04/03 23:37:26  11/05/03 09:35:33  [EMAIL PROTECTED]
11/05/03 00:28:14  11/05/03 09:35:33  [EMAIL PROTECTED]


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

pam.d/login modified and working
    AD users can log into local terminal of samba
    machine, and if home dir is missing, created
    via use of pam_mkhomedir

telnet/ssh/ftp/etc. all working with local & AD accounts

No accounts in AD overlap linux system accounts

Any windows (all WinXP Pro or Win2K) client's shares can
    be accessed from the samba/linux system, including any
    dfs from the AD system. Example:
        smbclient -k //adc1/dfs1
    Succeeds.

Any windows client's shares can be accessed from any other
    windows client, or the AD server.

What DOESN'T work:

Cannot access any samba shares on the linux machine, from
    the samba system itself, or any windows client.

smbclient -k //samba1/tmp
session setup failed: NT_STATUS_LOGON_FAILURE

However, I can do this:
smbclient //samba1/tmp
Enter password when prompted, and access success.

Of course, any windows client cannot access the samba shares at all, cannot
even browse the machine's share list, and it does not show up in Network
Places although all other systems do.

/etc/samba/smb.conf: (edited for brevity)

[global]
        workgroup = THIS
        realm = THIS.DOMAIN
        security = ADS
        netbios name = SAMBA1
        map to guest = Bad User
        obey pam restrictions = Yes
        password server = *
        wins server = 50.50.50.50 #(IP of ADS)
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind separator = +
        winbind use default domain = Yes

[homes]
        comment = Home Directories
        path = %H
        valid users = %S
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No
        guest ok = Yes

Ron L. Smith


