ldap and active directory configuration

Scott Grizzard scott at scottgrizzard.com
Thu Jul 15 01:49:29 MDT 2010

Did you configure Kerberos for that server?  What does your krb5.conf look
How about your nsswitch.conf file?  When you run 'getent passwd', do your AD
users show up?

On Jul 15, 2010 3:22 AM, "Malcolm Bodger" <M.Bodger at westminster.ac.uk>

 Hi Scott,

I'm hoping yourself, or someone on this list, might be able to help me with
this ongoing problem.

I've now moved on from ldap and have configured my server to authenticate to
active directory. I can ssh to the box and login using AD and local
accounts, but I get errors when trying to access my shared drive. On my PC
the error contains the message: 'No process is on the other end of the
pipe.' I'm not creating any samba users, but I've configured samba to create
local home areas, which it does for any new users.

My smb.conf, it's been a bit mangled in an attempt to get it to work:

        realm = INTRANET.WMIN.AC.UK
        workgroup = INTRANET
        netbios name = isls-fs1
        netbios aliases = isls-fs1
        server string = %h server (Samba, Ubuntu)
        map to guest = Never
        obey pam restrictions = no
        password server = isls-int-dc-6
        passdb backend = tdbsam
        security = ADS
        pam password change = no
        passwd program =
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = no
        log level = 3
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        local master = No
        domain master = No
        dns proxy = No
        wins server = isls-int-dc-6
        #ldap ssl = yes
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        invalid users = root
        idmap uid = 500-1000000
        idmap gid = 500-1000000
        #winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = yes
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        #nt pipe support = no
        #name resolve order = wins host bcast
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        printable = Yes
        browseable = No
        comment = Printer Drivers
        path = /var/lib/samba/printers
        comment = psi shared area
        path = /PSI
       # public = No
       # valid users =  @"INTRANET+Domain Users"
        #valid users = %S
        read only = No
        browseable = No
        wide links = No
        guest ok = yes
        comment = Unix homes
        path = /home
#       valid users = %S
        read only = no
        browseable = yes

It used to work when configured for local users, but now I'm not able to
access the drive for local, nor AD users.



*From:* Malcolm Bodger
*Sent:* Fri 02/07/2010 14:42
*To:* Scott Grizzard; Malcolm Bodger

Cc: samba-technical at lists.samba.org
*Subject:* RE: ldap and active directory configuration

Hi Scott,

Thanks for this very useful information and it's giving me an insight into
Samba. Our eD...
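
The checks asked about at the top of this message (krb5.conf, nsswitch.conf) can be run offline against copies of the files. The script below is an added example, not part of the original thread or of Samba; the function names are hypothetical, and it assumes a single-realm setup where krb5.conf's default_realm should equal the realm in smb.conf. The 'getent passwd' step remains a live check on the server.

```shell
#!/bin/sh
# Added example: offline consistency checks for a winbind AD member server.
# File paths are arguments so the checks can run against copies.

# Print the value of KEY from an smb.conf-style file (comments ignored,
# key matched case-insensitively, last occurrence wins).
smb_value() {  # smb_value FILE KEY
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
            }
        }
        END { print val }' "$1"
}

# Print default_realm from the [libdefaults] section of krb5.conf.
krb5_default_realm() {  # krb5_default_realm FILE
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { in_lib = ($0 ~ /\[libdefaults\]/); next }
        in_lib && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit
        }' "$1"
}

# Succeed if DATABASE (passwd, group) lists winbind as a source.
nss_uses_winbind() {  # nss_uses_winbind FILE DATABASE
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# Report every mismatch; return non-zero if any check fails.
check_ad_member() {  # check_ad_member SMB_CONF KRB5_CONF NSSWITCH_CONF
    rc=0
    smb_realm=$(smb_value "$1" realm)
    krb_realm=$(krb5_default_realm "$2")
    if [ -z "$krb_realm" ] || [ "$smb_realm" != "$krb_realm" ]; then
        echo "realm mismatch: smb.conf='$smb_realm' krb5.conf='$krb_realm'"; rc=1
    fi
    for db in passwd group; do
        nss_uses_winbind "$3" "$db" || { echo "nsswitch.conf: $db lacks winbind"; rc=1; }
    done
    return $rc
}

if [ "$#" -eq 3 ]; then check_ad_member "$@"; fi
```

Invoke it as `sh check.sh smb.conf krb5.conf nsswitch.conf`; each failed check prints one line and the exit status is non-zero.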
