On Thursday 15 September 2005 4:17 pm, you wrote:
> Dimitri Yioulos wrote:
> >On Thursday 15 September 2005 3:32 pm, you wrote:
> >></snip>
> >>
> >>Ok I think I have found my problem. I need to find a way to map Samba
> >>to an active directory common name:
> >>
> >>%> net ads join -U"Administrator" "cn=users,dc=domain,dc=com" (example,
> >>I know the syntax is incorrect)
> >>
> >>As far as I can tell it is hard coded in the net ads join routine to
> >>tack on the ou=users vs. cn=users, anyone shed some light on this?
> >
> >Uh, I must be missing something here. This is a pretty straightforward
> > set-up, right? You want to join this Samba box to a Win2k3 server for
> > file- or print-serving purposes? I've always felt that you get a basic
> > set-up working first, then start to get fancy.
> >
> >AFAIK:
> >
> >1. kinit [EMAIL PROTECTED]
> >(You'll be prompted for a password. My systems simply return me to a
> > prompt if I'm successful.)
> >2. net ads join -U [EMAIL PROTECTED]
> >(Again, you'll be prompted for a password. Info about the machine joining
> > the AD is returned)
> >
> >Beyond this, someone else will have to help out.
> >
> >Best,
> >
> >Dimitri
>
> Yeah this works, I can get my krb creds:
>
> [EMAIL PROTECTED]:~> kinit [EMAIL PROTECTED]
> Password for [EMAIL PROTECTED]:
> [EMAIL PROTECTED]:~> klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: [EMAIL PROTECTED]
>
> Valid starting     Expires            Service principal
> 09/15/05 14:12:30  09/16/05 00:11:16  krbtgt/[EMAIL PROTECTED]
>         renew until 09/16/05 14:12:30
>
>
> Kerberos 4 ticket cache: /tmp/tkt1000
> klist: You have no tickets cached
>
> And this works as well:
>
> [EMAIL PROTECTED]'s password:
> [2005/09/15 14:13:25, 0] libads/ldap.c:ads_add_machine_acct(1405)
>   ads_add_machine_acct: Host account for odin-newb already exists -
> modifying old account
> Using short domain name -- DOMAIN.COM
> Joined 'ODIN-NEWB' to realm 'DOMAIN.COM'
>
> But when testing, using wbinfo -u or getent I am getting only the local
> passwd accounts.
>
> [EMAIL PROTECTED]:~> wbinfo -u
> Error looking up domain users
>
> And here is where my accounts need to be authenticated from
>
> LDAP://server.domain.com/CN=Users,DC=server,DC=domain,DC=com
>
> Note the CN=Users, vs. OU=Users, I will go read the RFC to see if I can
> get more info on this.

So, you're not authenticating against ADS? If you are, are you sure the
winbind daemon is running?

Dimitri
