soleblazer wrote: > > So I think alot of this is setup. My problem is I cannot get Samba to > authenticate to AD. When I am logged into a windoze box and try and > get to > a share, the password dialogue comes up. I enter my AD username/password > and it never works. For the share I made the AD group that I belong > to in > the write list. Do I need to do anything else? >
I have just been through this myself. Hopefully my experience can help First off - shouldn't it be "workgroup = MYDOMAIN", and I see no mention of winbind - if you expect to control access via AD groups, you'll need winbind. Secondly, get rid of the "guest ok" thing. It confuses things during such debugging. You can always re-enable it after getting the core stuff working. Thirdly, stop the winbind and smb services, rejoin the domain and TEST THE JOIN. I have had several occurrences of joins that appears to succeed - but didn't. This produced the symptoms you've been seeing. i.e. #stop winbind and smb services kinit [EMAIL PROTECTED] net join sleep 10 net ads testjoin #start winbind and smb services Any errors in the above commands must be fixed before anything works reliably. Finally, if you have trusted domains you also want to support (e.g. allow OTHER\user to connect to your MYDOMAIN Samba shares), make sure they are all explicitly mentioned within the [realms] section in /etc/krb5.conf. My thanks to Rashid for that trick. Good luck. Hope that helps. I just love being able to "chown domain\\username filename" - freaks the hell out of the Windows Admins ;-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
