Samba/AD/Kerberos

Ron Short short at sgi.com
Mon Dec 29 15:43:52 GMT 2008


We only have Winbind running onthe Samba server

> # Samba config file created using SWAT
> # from 162.49.57.179 (162.49.57.179)
> # Date: 2007/04/10 14:33:48
>
> # Global parameters
> [global]
>         workgroup = NMCS
>         realm = NMCS.SDMENGINEERING.COM
>         netbios name = MCSSAN
>         name resolve order = lmhosts host wins bcast
>         interfaces = 162.49.57.50/0xffffff00
>         bind interfaces only = Yes
>         security = ADS
>         auth methods = winbind
>         password server = dmcontroller1.nmcs.sdmengineering.com, 
> dmcontroller2.nmcs.sdmengineering.com
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
>         max log size = 500
>         max xmit = 65535
>         os level = 0
>         preferred master = No
>         local master = No
>         domain master = No
>         wins server = 162.49.57.15
>         ldap ssl = no
>         idmap uid = 15000-20000
>         idmap gid = 15000-20000
>         comment = %h (Samba %v)
>         hosts allow = 162.49.57.
>         hide dot files = No
>         locking = No
>         share modes = No
>         vfs objects = sgistats, sgisendfile
>
> #       client use spnego = yes
> #       server signing = auto
> #       client signing = yes
>
> #       log level = 10
>
> [library]
>         path = /media/library
>         read only = No
>         directory mask = 0775
>
> #[workarea]
> #       path = /work/workarea
> #       read only = No
> #       guest ok = Yes
>
> [cam]
>         path = /media2/cam
>         read only = No
>         directory mask = 0775


Scott Grizzard wrote:
> Is WINS running on the Samba server?
>
> Please post a copy of your smb.conf.
>
> - Scott Grizzard
>
> On Dec 29, 2008, at 9:35 AM, Ron Short wrote:
>
>> We have a situation where we have a Samba server setup on an SGI Irix 
>> system working with a Microsoft 2003 Domain Controller and using 
>> Kerberos.  We can successfully join the Samba server to the domain.  
>> We can also get a valid kerberos ticket for the administrator account
>>
>> This was working well until the Active Directory server was reboot.  
>> Now we are having trouble connecting to the Samba share using the 
>> Netbios name, i.e. MCSSAN\Library for example.  Now it this the case 
>> where we can't connect supplying the user/password (we are using the 
>> domain/username combination).  However we can connect if the IP 
>> address is used.  Also if we delete the machine account from the 
>> domain controller it also works fine.
>>
>> Any pointers are appreciated as to what might have happened and what 
>> can be done to correct the problem.
>>
>> -- 
>> Ron Short                                       email: short at sgi.com
>> Solutions Architect                             office: 651/683-5680
>> SGI Global Professional Services                fax: 651/683-5599
>



More information about the samba-technical mailing list