[Samba] ADS Authentication
tms3 at fsklaw.net
Tue Dec 7 17:57:30 GMT 2004
Jeremy Allison wrote:
>On Mon, Dec 06, 2004 at 02:29:29PM -0800, Tom Skeren wrote:
>>I'm about ready to smash my head through a wall...I could use a few answers.
>>1. When using security = ads, and completing net ads join, it was my
>>understanding that samba authenticated username/pword against ads, and
>>local posix accounts were nolonger needed, is this true?
>Yes, so long as you have nsswitch and pam set up correctly. It sounds
>like you don't.
Pam appears to be setup correctly. At this time winbindd.log has this:
[2004/12/07 09:49:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
krb5_cc_get_principal failed (No such file or directory)
Which seems to be a kerberos problem. However, kinit is working
properly. Also ldapsearch -Y GSSAPI works, and adds additional kerberos
tickets, so that I find it difficult to believe it's a kerberos
problem. I have a feeling it's a smb.conf problem, but I cannot locate it.
More information about the samba