Hello, I installed Samba 3 + kerberos + winbind to make the debian server joining the Active directory service.
Everything seems to be ok, except the authentification. If i try to go to the share of the linux server, it asks me the password. And of course, no way to log in. B Here is the config: *samba* [global] workgroup = TEST realm = CARDS.BE.TEST.COM.LOCAL server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast use spnego = yes log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 10000 to 20000 for domain users idmap uid = 10000-20000 # use gids from 10000 to 20000 for domain groups idmap gid = 10000-20000 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes security = ADS encrypt passwords = yes passdb backend = tdbsam guest obey pam restrictions = yes password server = zscards-pdc netbios name = rantanplan ; guest account = nobody invalid users = root ; unix password sync = no ; passwd program = /usr/bin/passwd %u# passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ; load printers = yes ; preserve case = yes ; short preserve case = yes ; include = /home/samba/etc/smb.conf.%m # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & ; domain master = auto idmap uid = 10000-20000 idmap gid = 10000-20000 ; template shell = /bin/bash [admin] comment = Administration Directory path = /home/benoit admin users = bmo browseable = yes public = no writable = yes guest only = no valid users = bmo *kerberos* [libdefaults] default_realm = CAR.BE.TESTCOM [realms] CAR.BE.TEST.COM = { kdc = car-pdc.cards.be.test.com default_domain = car.be.test.com } #[domain_realms] #.kerberos.server=CAR.BE.TEST.COM # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } [login] krb4_convert = true krb4_get_tickets = true *winbind* (logs) 2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain CAR CAR.BE.TEST.COM.LOCAL S-0-0 [2004/06/07 13:38:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain RANTANPLAN S-1-5-21-837388855-3362161430-1770541169 All commands like kinit, net ads join, wbinfo -u (-g), getent etc works. >From the linux server, no problem to go to the shares of the domain controller (wich is a windows 2003 server). Any help would be helpful Regards, Benoit -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba