Unable to authenticate with security=ADS
ZINKEVICIUS,MATT (HP-Loveland,ex1)
matt.zinkevicius at hp.com
Thu Nov 14 22:28:00 GMT 2002
> -----Original Message-----
> From: José Alberto Patiño Limón [mailto:jalbertop at aranea.com.mx]
> Sent: Wednesday, November 13, 2002 6:43 PM
> To: ZINKEVICIUS,MATT " "(HP-Loveland,ex1)
> Cc: samba-technical at lists.samba.org
> Subject: RE: Unable to authenticate with security=ADS
>
>
> Ok. Well I had the same problem when I was starting to setup
> SAMBA 3.0.
> But I dont remember what I did to fix it.
>
> I remeber that the main problem that I had was with the
> nss_ldap module,
> remember that you need to have the passwd and group info available to
> the samba daemon. I have 2 setups to get this info from
> Active Directory
> and OpenLDAP. But you must be certain at least that you have
> a entry in
> the /etc/passwd to get the uid data for the W2K user that you
> are using
> to share the storage in Samba.
I need a local unix account for every user that can authenticate via ADS? I
want to use ADS for authentication, not local unix accounts. That's the
whole point.
The error looks like a problem in ticket handling anyway, so I don't think
this has to do with not being able to find a local account to verify
against. sigh... I guess I'll go read the active directory code now.
> Just to be sure, I assume that you /etc/krb5.conf is configured to see
> the kerberos "realm" for Active Directory.
Yep. My krb5.conf is attached to the original email if you want to look at
it.
> I think that the klist tickets command is supposed to be tested in the
> W2K machine and noy in the unix box.
My W2K box doesn't seem to have klist installed (At least not in my path)
--Matt
More information about the samba-technical
mailing list