[clug] Samba as ADS Member - Newbie HOW-TO?
Avi Miller
avi.miller at squiz.net
Mon Nov 29 03:11:27 GMT 2004
Thanks for all your pointers, guys. I have Samba configured as a member
of my AD domain, and local logins are working for domain accounts. I'm
having two problems now:
1. I can't get SSH to work for domain accounts. I keep getting a "failed
password for user domain+username" in /var/log/secure. I'm wondering if
there's a modification I need to make to the nature of the password
presented, or something?
2. I've added mod_ntlm_winbind to Apache 1.3 and its almost working
perfectly: instead of quietly logging me in transparently, it keeps
prompting for a username/password. Periodically, this doesn't work (I'm
using domain\username syntax, which is the only one that works at all)
and I'm left with either a 500 Internal System Error -- this is in
Firefox), or I get an "Authorization Required" message from Apache.
I am currently logged into AD as the user I'm testing (from Windows XP
Pro SP2).
I'm seeing the following error in logs/error_log for Apache (at debug
level):
[2004/11/29 14:08:14, 0] lib/messages.c:message_init(106)
ERROR: Failed to initialise messages database
[2004/11/29 14:08:14, 1] libads/kerberos_verify.c:ads_verify_ticket(272)
ads_verify_ticket: unable to protect replay cache with mutex.
[Mon Nov 29 14:08:14 2004] [debug] mod_ntlm_winbind.c(566): [client
192.168.100.105] user not authenticated: NT_STATUS_LOGON_FAILURE
Any thoughts/pointers/suggestions? The goal of this testing is to setup
Apache to silently log users in using their AD credentials.
Thanks,
Avi
--
Implementation Specialist
..>> Canberra ...> Sydney ...> London .........../>
Walter Turnbull Bldg T: +61 (0) 2 6233 0607
44 Sydney Ave, F: +61 (0) 2 6233 0696
Forrest, W: http://www.squiz.net/
ACT 2603
.....>> Open Source - Own it - Squiz.net ...../>
More information about the linux
mailing list