[Samba] Problem with samba + ads

Dreimann, Philipp p.dreimann at contrigo.de
Wed Feb 5 15:46:00 GMT 2003


Hello,

I've got the problem that i just get a access denied when i try to
connect to my samba server which is in our active directory.

<smb.conf>
[global]
	realm = CONTRIGO.LOCAL
	ADS server = CTGEX.CONTRIGO.LOCAL
	server string = %h server (Samba %v)
	security = ADS
	obey pam restrictions = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	os level = 64
	dns proxy = No
	wins server = 192.168.111.10
	ldap ssl = no
	ldap passwd sync = Yes
	panic action = /usr/share/samba/panic-action %d
	host msdfs = Yes
	winbind uid = 30000-40000
	winbind gid = 30000-40000
	winbind separator = +
	winbind use default domain = Yes
	invalid users = root
	admin users = tester
	msdfs root = Yes
	workgroup = contrigo

[homes]
	comment = Home Directories
	create mask = 0700
	directory mask = 0700
	browseable = No

[temp]
	comment = test
	path = /tmp
</smb.conf>

<snip krb5.conf>
[realms]
CONTRIGO.LOCAL = {
	kdc = CTGEX.CONTRIGO.LOCAL
	admin_server = CTGEX.CONTRIGO.LOCAL
}
</snip>

In my /etc/pam.d/samba is just one line active: "account
required        /lib/security/pam_winbind.so"

I think that i'm sucessfully authenticated in our active directory,
because i can mount without any password every share in our lan (just
with the -k option).

Winbindd seems to work also, because wbinfo -u or -g works fine.
Net ads user works also... I can add and delete user in our active
directory!

But i cant even see the list of the shares on my samba server.

And "klist tickets" tells me "klist: No credentials cache found (ticket
cache FILE:tickets)".

My samba version is 2999+3.0.alpha21-3 from debian unstable.

Can someone give me a hint?

Thanks,
	Philipp


More information about the samba mailing list