[Samba] Samba 3, Winbind, AD native - problem

Bowen, III, Clint cbowen at barton.edu
Wed Nov 26 20:28:39 GMT 2003


Hello, I'm hoping someone has seen this before and can point out the
error of my configuration.  I am running Samba 3.0.0 configured to
authenticate via Winbind to my native AD.  Winbind seems to be working
flawlessly - I can login at the console or via SSH using a domain
account and password, without having a matching local account in
/etc/passwd (as I want it).  However, attempting to connect via samba
yields "session setup failed: NT_STATUS_LOGON_FAILURE for both root
(locally logged on) and for my domain account using Kerberos.  Ignoring
the password prompt gives a successful anonymous logon.  This is true
both for "smbclient -L //fileserver" and "smbclient //fileserver/share".
I am currently using the native .tdb mapping file, but I would like to
use LDAP.  So, the pressing questions: How to fix the auth problem, and
how to implement LDAP (not technically, but design - I do know how to
RTFM).  I think I would like to use the schema extensions for AD from
MS, and assign the uid directly to the user object in AD.  The other
option is to use OpenLDAP on the file-server itself.  Is one option
"better" than the other?  Any drawbacks to using the AD solution?  I
would prefer this as I'm currently locked into AD (Exchange) and we
already script user account creation/deletion/management.  Thanks for
any help.  PS - More than happy to post conf files upon request.

Clint Bowen
Assistant director of Information Technology
Barton College
Wilson, NC 27893




More information about the samba mailing list