[Samba] Samba in 2003 ADS

Nic le Roux nicl at rohlig.co.za
Thu Jan 15 12:36:58 GMT 2004

Good Morning/Afternoon/Evening.

I'm a bit dejected at the moment as all my googleing / howto reading has 
brought me no joy,
Apparently there are people out there who have successfully set up Samba 
as member server in M$ 2003 ADS.

However I have miserably failed / given up.

What I want to do is have my people print to a PDF printer on Linux using 
cups after which they will be emailed the doc using a package called 
It works pretty well however I need a username to send the email to as the 
username is mapped to an email address in a config file.

Is there possibly another way of having my users connect to the Samba Box 
with their domain user name ?
The requirement is a single sign on to the domain where they will not be 
prompted to authenticate again to the Samba box.

Please any help will be appreciated,


Ps. incase anyone is interested maybe I can still save the ADS project

I'm using Samba 3.0.2pre1
Kerberos 1.3.1

Here is Samba Config

workgroup = domain
realm = domain.co.za
security = ads
password server =
winbind use default domain = yes
client use spnego = yes
encrypt passwords = yes
server string = %L Print Server (%v)
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
printcap name = cups
load printers = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server =
dns proxy = yes


 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

ticket_lifetime = 24000
default_realm = DOMAIN.CO.ZA
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
permitted_enctypes = des-cbc-md5 des-cbc-crc
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
dns_lookup_realm = false
dns_lookup_kdc = false

  kdc = server.domain.co.za
  admin_server = server.domain.co.za
  default_domain = DOMAIN.CO.ZA

 .server.domain.co.za = DOMAIN.CO.ZA
 server.domain.co.za = DOMAIN.CO.ZA

Following received in Winbind log

[2004/01/15 14:02:00, 1] libads/ads_ldap.c:ads_name_to_sid(64)
  name_to_sid: root not found
[2004/01/15 14:02:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(960)
  user 'root' does not exist

Following in Cleint log

More information about the samba mailing list