My testing has shown that when using "security = ads" and specifying \\ipaddress\share, Kerberos fails with "PRINCIPAL_UNKNOWN" and auth then falls through (in my case, either NTLMv1 or NTLMv2 - I have tested with both). So maybe you should try it with your hostname, or hostname.FQDN, and check out what happens with Ethereal. Maybe your fall-through auth-n is failing (easy to do with NTLMv2).

Of course, these results are specific to my test environment, so maybe this is not pervasive behavior.

Eric Roseme
Hewlett-Packard

Ben Schmaus wrote:
Versions:

OS: Redhat ES Linux 3.0
Windows OS: Windows 2003 & Active Directory
Samba: samba-3.0.5rc1-2_rh9.i386.rpm
Kerberos: krb5-1.3.4-i686-pc-linux-gnu.tar
Using Winbind: Yes

Objective:

Allow Samba/Linux server to authenticate off of active directory to access
Samba shares.

Problem:

I can get to some shares, but not to the user home shares.  When trying to
access a user home share I get prompted for a password even though I have
already connected to other shares with the same user name.  And even if I
enter the username and password, access is denied.  I am currently trying
this by doing a 'net use * \\ip address\home share'.

Smb.conf

[global]
workgroup = DOMAIN
netbios name = RCRH03
server string = RCRH03
security = ADS
realm = DOMAIN.COM
password server = 10.1.1.28
wins server = 10.1.1.28
client use spnego = yes
client signing = yes
encrypt passwords = yes
printcap name = cups
disable spoolss = Yes
show add printer wizard = No
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
use sendfile = Yes
printing = cups
ldap suffix = "dc=domain, dc=com"
winbind cache time = 0
log level = 10
log file = /var/log/samba.log
max log size = 5000000
debug timestamp = yes

[homes]
comment = Home Directories
valid users = %U
path = /home/%D/%U
public = Yes
read only = No
browseable = No

[apps]
comment = OSCAR
path = /apps
valid users = @dev, @REDHAT
admin users = @dev, @REDHAT
read only = No
browseable = Yes

[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root
create mask = 0600
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = No


[public]
comment = test
path = /spare
read only = No
browseable = Yes

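Added example (not from either poster and not Samba code): a small check that flags UNC paths whose host part is an IP literal, the case the reply above reports as failing Kerberos with PRINCIPAL_UNKNOWN and falling through to NTLM. The principal form cifs/<host>@<REALM>, the function names and the sample paths are assumptions made for illustration; RCRH03 and DOMAIN.COM are taken from the posted smb.conf.

```python
import ipaddress
import re

# \\host\share[\rest]: host is whatever was typed after the two backslashes.
UNC_RE = re.compile(r'^\\\\(?P<host>[^\\/]+)\\(?P<share>[^\\/]+)')


def classify_unc(unc, realm):
    """Return (host, assumed_spn, kind) for one UNC path.

    kind is "ip-literal", "short-name" or "fqdn".
    """
    m = UNC_RE.match(unc.strip())
    if not m:
        raise ValueError(f"not a UNC path: {unc!r}")
    host = m.group("host")
    # Assumption: the client asks the KDC for a ticket for cifs/<host part>.
    spn = f"cifs/{host}@{realm.upper()}"
    # Windows writes IPv6 addresses in UNC paths as *.ipv6-literal.net.
    if host.lower().endswith(".ipv6-literal.net"):
        return host, spn, "ip-literal"
    try:
        ipaddress.ip_address(host)
        return host, spn, "ip-literal"
    except ValueError:
        kind = "fqdn" if "." in host else "short-name"
        return host, spn, kind


def ntlm_fallback_candidates(paths, realm):
    """Paths where no matching principal is expected in AD, so the
    session would be set up with the fall-through (NTLM) mechanism."""
    return [p for p in paths if classify_unc(p, realm)[2] == "ip-literal"]


# Constructed sample mappings (192.0.2.10 is a documentation address).
SAMPLE = [
    r"\\192.0.2.10\someuser",
    r"\\RCRH03\apps",
    r"\\rcrh03.domain.com\public",
]

if __name__ == "__main__":
    for path in SAMPLE:
        host, spn, kind = classify_unc(path, "DOMAIN.COM")
        print(f"{path:32} {kind:11} {spn}")
    print("NTLM fall-through expected for:",
          ntlm_fallback_candidates(SAMPLE, "DOMAIN.COM"))
```

Run against the drive mappings in login scripts or 'net use' output, it lists the connections worth re-testing by hostname or FQDN.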