[Samba] Samba3 and AD

Ivan Toh tohbc at scs.com.sg
Thu Nov 27 07:14:58 GMT 2003


Hi all,
 
I'm trying to integrate my Red Hat 7.3 machine with a Win2000 server Active
Directory, so that users can log on to the Linux box using AD accounts.
I have successfully joined the Linux box to the domain as a domain
member server, and current Linux account users can access their Samba
shares from their Windows machines. When I tried to configure winbind, I
hit a problem when trying to list domain users:
 
# wbinfo -u
Error looking up domain users
 
When I check /var/log/samba/log.winbindd, it keeps reporting an improper
format in the Kerberos config file:
 
[2003/11/27 14:59:37, 1]
nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/11/27 14:59:38, 0]
libsmb/cliconnect.c:cli_session_setup_spnego(683)
  Kinit failed: Improper format of Kerberos configuration file

Below is my global configuration for /etc/samba/smb.conf and
/etc/krb5.conf:
 
/etc/samba/smb.conf
# [global] section of smb.conf for a Samba 3 host joined to Active Directory
# (security = ADS) with winbind resolving domain users and groups.
[global]
 
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = SMUSTF
   netbios name = BEOWULF
   server string = Samba Server

#ACTIVE DIRECTORY JOINING
# security = ADS makes this host a Kerberos-authenticated member of the realm
# named by "realm"; "password server" names the domain controller to use.
# NOTE(review): the realm is written "sam" here but "SAM" in the krb5.conf
# posted alongside. Kerberos realm names are case-sensitive, so confirm that
# both files agree.
   realm = sam
   security = ADS
   encrypt passwords = yes
   password server = dc01.sam
 
   printcap name = /etc/printcap
   load printers = yes
# One log file per connecting client (%m is the client machine name);
# max log size is in kilobytes.
   log file = /var/log/samba/log.%m
   max log size = 50
 
# WINBIND CONFIG
# Domain accounts appear locally as DOMAIN+user and are mapped onto the
# uid/gid range 10000-20000.
# NOTE(review): confirm that no local /etc/passwd or /etc/group entry falls
# inside that range, otherwise a domain account could share an id with a
# local one.
# NOTE(review): template shell gives every domain account that winbind
# resolves an interactive shell. Nothing in this section limits which AD
# users may log in, so that restriction has to be made elsewhere (for
# example in the PAM configuration) - confirm it exists.
    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
 
 
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 
   wins server = 202.161.42.5
   dns proxy = no
 
/etc/krb5.conf
# krb5.conf for a Kerberos client of realm SAM, whose KDC is dc01.sam.
# [logging]: where the Kerberos libraries, KDC and admin server write logs.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
# [libdefaults]: library-wide defaults. Bare lifetime numbers are read as
# seconds.
# NOTE(review): both enctype lists allow single DES only. DES is
# cryptographically weak and was later formally deprecated for Kerberos
# (RFC 6649); prefer the strongest encryption type that both the domain
# controller and this host's Kerberos library support.
# NOTE(review): dns_lookup_realm / dns_lookup_kdc let unauthenticated DNS
# answers choose the realm and KDC. The KDC is already named statically in
# [realms], so confirm these lookups are needed.
[libdefaults]
 ticket_lifetime = 24000
 default_realm = SAM
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 dns_lookup_realm = true
 dns_lookup_kdc = true
 
# [realms]: static KDC and admin server for realm SAM.
# NOTE(review): winbindd reports "Improper format of Kerberos configuration
# file". The indented "# admin_server" line inside the braces below is one
# construct to check against what the installed Kerberos library's parser
# accepts; this cannot be confirmed from the listing alone.
# NOTE(review): admin_server on port 749 is presumably unused against an
# Active Directory domain controller - confirm.
[realms]
 SAM = {
  kdc = dc01.sam:88
 # admin_server = dc01.sam:749
  default_domain = sam
  admin_server = dc01.sam:749
 }
 
# [domain_realm]: maps the DNS domain "sam" and its subdomains to realm SAM.
[domain_realm]
 .sam = SAM
 sam = SAM
 
# [kdc]: points at a local KDC's kdc.conf.
# NOTE(review): presumably left over from the distribution default, since
# this host is described as a domain member rather than a KDC - confirm.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
 
# [appdefaults] pam: defaults for the Kerberos PAM module (presumably
# pam_krb5 - confirm). krb4_convert = false means no Kerberos 4 tickets are
# derived at login.
# NOTE(review): forwardable = true lets a ticket obtained at login be
# forwarded to other hosts; keep it only if onward single sign-on is needed.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Please help.

 
Regards,
 
Ivan Toh Boon Cheong


