Samba 4 - how to enable ADS while compiling

priya sehgal priyagps at
Wed Sep 24 21:07:02 GMT 2008

I wish to set up a samba 4 server as a domain member of a Win 2k3 domain, with Active Directory support. The samba server is on a Fedora core 6 . Eventually, I would want to set this samba 4 server as a CIFS Proxy for Win2k3 domain.

But, when I compile samba-4.0.0alpha4 and try to start smbd, it warns me about unrecognized value ADS for security. 

1.How should we compile samba-4 with Active Directory support?
 I tried .configure --with-ads --with-krb5 --with-ldap., but still it
gives the warning - unrecognized "ADS" for security.

Although, I am able to join the domain and kinit also works fine for me,
my windows XP machine in the same domain cannot access linux samba server in the domain. It gets error - "The account is not authorized to login from this station".

Also, smbclient -L /linux_samba -k 
gives the error : 
"tree connect failed: Read error: Connection reset by peer."

I think there is something going wrong in the authentication. The call is not going to the Win2k3 server. I looked into the ethereal traces.It may be due to ADS security not recognized by samba.
Please let me know what could be wrong?

2.Also, I could not locate the new winbind binaries, after make install? Is it not compiled? how can we compile it?

3.Also, FC6 already has samba 3.0.23c-2. Will this create any hurdle in installing samba4 on FC6?

Following is the set of packages and files on my system -
netbios name of linux server : linux_samba
Windows 2k3 Domain Controller :
DNS Server :

I already have the following packages installed :

My smb.conf file looks like this :
	netbios name	= linux_samba 
	workgroup	= PRIYADOMAIN 
	preferred master = no
	password server	=
	security	= ads 
	encrypt passwords = yes
	log level	= 3
	log file	= /var/log/samba/%m
	max log size	= 50
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes	
	winbindd separator = +		
	idmap uid	= 10000 - 20000	
	idmap gid	= 10000 - 20000	
	;template primary group = "Domain Users"	
	wins server	=
	hosts allow	=

	path = /usr/local/samba/var/locks/sysvol
	read only = no

	comment = Home Directory
	valid users = %S
	read only = No
	browseable = No
	path = /home/priya/test1
	read only = no
	write list = PRIYADOMAIN+user1

/etc/krb5.conf looks like this :
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = PRIYADOMAIN.COM
 dns_lookup_realm = true 
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

  kdc =
  admin_server =
  default_domain =
 } = {
  kdc =
  default_domain =
  kdc =
  default_domain = 

 .kerberos.server = PRIYADOMAIN.COM

 profile = /var/kerberos/krb5kdc/kdc.conf

 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false

/etc/nsswitch.conf looks like this:
passwd:     files winbind 
shadow:     files winbind
group:      files winbind
hosts:      files dns wins
bootparams: nisplus [NOTFOUND=return] files

ethers:     db files
netmasks:   files
networks:   files dns
protocols:  db files
rpc:        db files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

Any help is appreciated. 

Thanks and Regards,


More information about the samba-technical mailing list