[clug] Samba as ADS Member - Newbie HOW-TO?

Avi Miller avi.miller at squiz.net
Mon Nov 29 03:11:27 GMT 2004

Thanks for all your pointers, guys. I have Samba configured as a member 
of my AD domain, and local logins are working for domain accounts. I'm 
having two problems now:

1. I can't get SSH to work for domain accounts. I keep getting a "failed 
password for user domain+username" in /var/log/secure. I'm wondering if 
there's a modification I need to make to the nature of the password 
presented, or something?

2. I've added mod_ntlm_winbind to Apache 1.3 and its almost working 
perfectly: instead of quietly logging me in transparently, it keeps 
prompting for a username/password. Periodically, this doesn't work (I'm 
using domain\username syntax, which is the only one that works at all) 
and I'm left with either a 500 Internal System Error -- this is in 
Firefox), or I get an "Authorization Required" message from Apache.

I am currently logged into AD as the user I'm testing (from Windows XP 
Pro SP2).

I'm seeing the following error in logs/error_log for Apache (at debug 

[2004/11/29 14:08:14, 0] lib/messages.c:message_init(106)
   ERROR: Failed to initialise messages database
[2004/11/29 14:08:14, 1] libads/kerberos_verify.c:ads_verify_ticket(272)
   ads_verify_ticket: unable to protect replay cache with mutex.
[Mon Nov 29 14:08:14 2004] [debug] mod_ntlm_winbind.c(566): [client] user not authenticated: NT_STATUS_LOGON_FAILURE

Any thoughts/pointers/suggestions? The goal of this testing is to setup 
Apache to silently log users in using their AD credentials.


Implementation Specialist

..>> Canberra ...> Sydney ...> London .........../>
   Walter Turnbull Bldg   T: +61 (0) 2 6233 0607
   44 Sydney Ave,         F: +61 (0) 2 6233 0696
   Forrest,               W: http://www.squiz.net/
   ACT 2603

.....>> Open Source  - Own it  -  Squiz.net ...../>

More information about the linux mailing list