[Samba] AD member server setup with winbind idmap_rid - users
prompted fo r password
Geoffrey Scott
geoffs at guestshire.com
Fri Dec 30 07:16:59 GMT 2005
Question:
How can I stop users from being prompted for a password?
Is secrets.tdb needed?
Do you think my problems are caused by having a different workgroup to
realm?
Problems:
I've gone over samba-by-example 7.3.4.1 on setting up idmap_rid with winbind
quite a few times now. I also checked what JHT has said in chapter 12. All
of it seems correct. However I get loads of this before the machine finally
joins and shows up in the computers container of AD:
[2005/12/30 17:11:45, 0] libads/kerberos.c:get_service_ticket(356)
get_service_ticket: kerberos_kinit_password
FPSYD$@GUESTSFURNITUREHIRE.COM.AU at GUESTSFURNITUREHIRE.COM.AU failed: Client
not found in Kerberos database
[2005/12/30 17:11:45, 0] libads/kerberos.c:get_service_ticket(356)
get_service_ticket: kerberos_kinit_password
FPSYD$@GUESTSFURNITUREHIRE.COM.AU at GUESTSFURNITUREHIRE.COM.AU failed: Client
not found in Kerberos database
Joined 'FPSYD' to realm 'GUESTSFURNITUREHIRE.COM.AU'
I also have users being constantly asked for a username & password when they
access their homes share.
secrets.tdb doesn't get created.
These things work:
root# net ads testjoin
Join is OK
wbinfo -t or -u or -g all show what they are supposed to show.
CONF file below:
[global]
workgroup = GUESTSHIRE
realm = GUESTSFURNITUREHIRE.COM.AU
security = ADS
allow trusted domains = No
idmap backend = idmap_rid:GUESTSHIRE=5000-1000000
idmap uid = 5000-1000000
idmap gid = 5000-1000000
winbind use default domain = Yes
winbind nested groups = Yes
More information about the samba
mailing list