[Samba] Samba 3.0.33 works, 3.5.4 doesn't
John Oliver
joliver at john-oliver.net
Thu Apr 19 08:20:53 MDT 2012
I'm trying to get AD authentication working on a RHEL 5.4 base system
I can wbinfo -[ug] and getent {passwd|group} with 3.0.33 Everything
appears to work just fine, except I could not actually authenticate...
I'd always get failed password. A lot of Googling turned up a bug that
indicated that it was impossible to get 3.0.33 to authenticate against a
W2K8 AD, so I installed 3.5.4 Same smb.conf, same krb5.conf... but I
cannot join the domain. net ads status works, but net ads join tells
me:
Failed to join domain: failed to lookup DC info for domain 'MY.DOMAIN'
over rpc: Invalid workstation
Googling that error leads to a very few responses, none of which help
me. What is the "invalid workstation", and how do I make it valid? :-)
smb.conf:
[global]
workgroup = MY
password server = 192.168.2.22
realm = MY.DOMAIN
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
client ntlmv2 auth = yes
disable netbios = yes
smb ports = 445
winbind use default domain = yes
winbind offline logon = yes
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
passdb backend = tdbsam
krb5.conf:
[libdefaults]
default_realm = MY.DOMAIN
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
MY.DOMAIN = {
kdc = ad1.my.domain:88
admin_server = ad1.my.domain:749
default_domain = my.domain
}
[domain_realm]
.my.domain = MY.DOMAIN
my.domain = MY.DOMAIN
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
More information about the samba
mailing list