Jeremy Allison wrote:
On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
I'm about ready to smash my head through a wall...I could use a few answers.
1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were nolonger needed, is this true?
Yes, so long as you have nsswitch and pam set up correctly. It sounds
like you don't.
Pam appears to be setup correctly. At this time winbindd.log has this:
[2004/12/07 09:49:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No such file or directory)
Which seems to be a kerberos problem. However, kinit is working properly. Also ldapsearch -Y GSSAPI works, and adds additional kerberos tickets, so that I find it difficult to believe it's a kerberos problem. I have a feeling it's a smb.conf problem, but I cannot locate it.
Jeremy.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
