Dimitri Yioulos wrote:

On Tuesday 13 September 2005 11:09 am, Jason Gerfen wrote:
I am having a hard time getting Samba to authentication correctly
against a Windows Active Directory setup.

Here is a snap of the smb.conf
[global]
       passdb backend = ldapsam
       security = domain
       password server = server1.com server2.com
       prefered master = No
       local master = no
       hide unreadable = yes
       wins support = no
       winbind use default domain = yes
       domain master = No
       netbios name = samba-newb
       workgroup = scl
       prefered master = no
       dns proxy = no
       idmap uid = 15000-20000
       idmap gid = 15000-20000
       realm = server.com
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
       use spnego = yes
       server string = samba-newb
       update encrypted = yes
       domain logons = yes
       winbind separator = +
       winbind enum users = yes
       winbind enum groups = yes
       encrypt passwords = yes
       os level = 20
       template shell = /bin/bash
       template homedir = /home/%D/%U

[newb]
       comment = newb
       inherit acls = Yes
       path = /usr/local/files/
       read only = no
       force group = users
       force user = users
       guest ok = no

I can run the net ads join command which works fine, but if I try to
authentication without a local account I am recieving errors.  Any
assistance or pointers is appreciated.

--
Jason Gerfen
Student Computing Labs, University Of Utah
[EMAIL PROTECTED]

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK

Jason,

It looks like your smb.conf is set up more for a Samba PDC than for a member server in a Windows AD. Are you looking to make your Samba server a member server? If so:

security = ads
wins server = ip.of.your.winsserver

I don't believe you need:

passdb backend = ldapsam

Is kerberos installed, and do you have krb5.conf set up properly?

I removed the passdb backend = ldapsam
Kerberos is installed and the krb5.conf is working as the kinit and klist work for gathering the TGT's
I also modified the server to = ads
I don't have a wins server, so that is not configured.

I am still experiencing the same problems with having this work as a member server. Any other tips out there?

Dimitri


--
Jason Gerfen

"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to