[Samba] Problems with Samba 3.0.1 authenticating through AD
justin.baugh at request.com
Mon Dec 22 19:31:18 GMT 2003
I am trying to set up Samba 3.0.1 to be a member of Active Directory.
The setup is very simple: There is one Windows 2003 AD server on the
network. Samba is running on FreeBSD 5.1R.
So far, I can successfully join the domain (using net ads join -U
Administrator), and I can use kinit / smbclient successfully against the
Windows domain controller (kinit user at REALM followed by smbclient -L
\\host -k). However, whenever I try to authenticate against the machine
running Samba from a Windows domain client, I get prompted for a
username and password. Even if I enter in a valid domain username and
password, Samba says that the password is incorrect.
Here is my smb.conf:
server string = Samba 3.0
security = ads
load printers = yes
log file = /var/log/samba/log.%m
max log size = 500
workgroup = REQUEST
realm = CORP.REQUEST.COM
encrypt passwords = yes
debuglevel = 100
socket options = TCP_NODELAY
local master = no
wins support = yes
wins server = 10.1.8.7
client use spnego = yes
A full debug log can be found at http://www.aosda.net/samba.txt .
I am confused by the fact that the logs seem to indicate it is using
NTLM authentication - I thought with security = ads it was only supposed
to use Kerberos?
Also, is it possible to use security = ads along with nss_ldap (i.e.
Samba would get a static uid/gid/etc from an AD server for local use)? I
suppose I am a bit confused as to how these different parts work
together. Essentially, I want statically mapped uid/gid's and usernames
across all machines.
Thanks for any help or pointers to documentation,
More information about the samba