Unable to authenticate with security=ADS

ZINKEVICIUS,MATT (HP-Loveland,ex1) matt.zinkevicius at hp.com
Thu Nov 14 22:28:00 GMT 2002

> -----Original Message-----
> From: José Alberto Patiño Limón [mailto:jalbertop at aranea.com.mx]
> Sent: Wednesday, November 13, 2002 6:43 PM
> To: ZINKEVICIUS,MATT " "(HP-Loveland,ex1)
> Cc: samba-technical at lists.samba.org
> Subject: RE: Unable to authenticate with security=ADS
> Ok. Well I had the same problem when I was starting to setup 
> SAMBA 3.0.
> But I dont remember what I did to fix it.
> I remeber that the main problem that I had was with the 
> nss_ldap module,
> remember that you need to have the passwd and group info available to
> the samba daemon. I have 2 setups to get this info from 
> Active Directory
> and OpenLDAP. But you must be certain at least that you have 
> a entry in
> the /etc/passwd to get the uid data for the W2K user that you 
> are using
> to share the storage in Samba.

I need a local unix account for every user that can authenticate via ADS? I
want to use ADS for authentication, not local unix accounts. That's the
whole point.

The error looks like a problem in ticket handling anyway, so I don't think
this has to do with not being able to find a local account to verify
against. sigh... I guess I'll go read the active directory code now.

> Just to be sure, I assume that you /etc/krb5.conf is configured to see
> the kerberos "realm" for Active Directory.

Yep. My krb5.conf is attached to the original email if you want to look at

> I think that the klist tickets command is supposed to be tested in the
> W2K machine and noy in the unix box.

My W2K box doesn't seem to have klist installed (At least not in my path)


More information about the samba-technical mailing list