[Samba] Samba 3 & ADS: nobody can log in

Rich Webb rwebb at wmis.net
Sun Oct 12 18:03:30 GMT 2003

----- Original Message ----- 
From: "Ron Gage" <ron at rongage.org>
To: <samba at lists.samba.org>
Sent: Sunday, October 12, 2003 1:32 PM

> Well, I got past the part about the "ads server" parameter...  :)
> Now, it appears that nobody in the AD Domain can log into (and use) any
> resources on the Samba share.
> If I set "security = ads" on Samba, then nobody can log into the server -
> period.
> A couple of silly questions at this point (before I go completely mad)...
> 1) Is there any requirement that LDAP be functioning on the Samba machine?
> 2) Are there any hidden dependancies (like PAM) that are required to make
> work?
> More background:  The Samba machine has successfully joined the domain (it
> shows up in AD Users and Computers), kinit works fine when logging in as
> Administrator.

The way I understand it, LDAP and Kerberos need to be functioning for Samba
ADS integration to work.  Is there a compelling reason to use it in ADS
mode?  I use PAM and Winbind so I can control access from windows 2k.  That
works quite well.


More information about the samba mailing list