[Samba] Problem with security = ads

Mon, 22 Aug 2005 00:33:54 -0700 

Hi list,

i am having trouble authenticating users against an
windows 2003 sp1 ads.

I am using samba 3.0.20-0.1

Here is my smb.conf:

        workgroup = SIV
        map to guest = Bad User
        security = ads
        password server = ads01.siv.de
        realm = siv.de
        client ntlmv2 auth = yes
        spnego = yes


My krb5.conf:

[libdefaults]
        default_realm = SIV.DE
        dns_lookup_realm = false
        dns_lookup_kdc = false
        clockskew = 300
        #
        # Set this to false to disable MIT krb5 compatibility
        # in GSSAPI get_mic/verify_mic, and become compatible
        # with older Heimdal releases instead.
        gss_mit_compat = true
[realms]
        SIV.DE = {
                kdc = ads01.siv.de
                #admin_server = ads01.siv.de
                default_domain = siv.de
        }
[domain_realm]
        .siv.de = SIV.DE
        siv.de  = SIV.DE
[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log
[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 0
                debug = false
        }


As you can see i do not use winbind. Is the wrong, i.e. is winbind
required to authenticate users against ads ?

The configuration itself works nearly right.
When i try to access the samba server via windows is see in
the log file:

Username SIV.DE/regner is invalid on this system


When i login as user 'regner' (without domain prefix) and
password the login works successful ! I´ve tested this
behavios with several account. All work successful without
domain prefix.


Can anybody help ??

--



Mit freundlichen Grüßen

Ronny Egner

SIV.AG
Konrad-Zuse-Straße 1
18184 Roggentin

Telefon: +49 (0)3 81 / 25 24 422
Telefax: +49 (0)3 81 / 25 24 399

mailto:[EMAIL PROTECTED]
http://www.siv.de

**********************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity
to whom they are addressed. The views expressed in this
e-mail are those of the individual author and not necessarily
those of SIV.AG.

This footnote also confirms that this email message has
been swept by serval anti-virus tools for the presence
of computer viruses.
**********************************************************************


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to