[Samba] Domain logon against a Windows Server 2003 based AD
Marcus Franke
Marcus.Franke at gmx.net
Tue Jul 13 07:23:40 GMT 2004
Hi,
I'm trying to configure my Mandrake V10 box to do user authentication
against an ActiveDirectory domain hosted on Windows Server 2003.
And guess what, I have some problems :)
I used drakauth (similar to authconfig on RedHat) to configure the
authentication against a windows domain. I was asked some questions
concerning domain, domain controller, administrator account and
password.
drakauth configured my smb.conf the following way:
[global]
workgroup = IDEALTEC.LOCAL
server string = Samba Server %v
security = domain
encrypt passwords = Yes
password server = *
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
character set = ISO8859-15
os level = 18
local master = No
dns proxy = No
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
But after a net join, I get the following errors when I try to log on
a domain user on my Linux box:
Jul 12 16:56:22 linux kde3(pam_unix)[3610]: auth could not identify
password for [marcus]
Jul 12 16:56:22 linux winbindd[2410]: [2004/07/12 16:56:22, 0]
nsswitch/winbindd_util.c:get_trust_pw(951)
Jul 12 16:56:22 linux winbindd[2410]: get_trust_pw: could not fetch
trust account password for my domain IDEALTEC.LOCAL
Jul 12 16:56:22 linux pam_winbind[3610]: request failed:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Jul 12 16:56:22 linux pam_winbind[3610]: internal module error (retval =
4, user = `marcus'
In ActiveDirectory I even modified the SecurityPrincipal "Everyone"
to be a member of the "pre-windows 2000 authentication" group; I don't
know if the name is right, as I have a German version of Windows :)
The last thing I modified on my Linux box was to change
security = domain to security = ads, as the net join gave me some
hints that it could not find the ads realm and had to use RPC for
interaction with my domain.
According to the man-page I set the following lines:
security = ads
.nf realm = dc-hh-001.idealtec.local
Name resolution works, I have checked this, as I know how critical
DNS is for ActiveDirectory based domains.
I'm currently working my way down the Samba-Howto-Collection Chapter 20:
Use of Domain Accounts, but currently I'm somewhat puzzled, need to get
some ground under my feet..
Bye,
Marcus
--
pedo mellon a minno
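
Added example, not part of the original post: a small Python triage script that re-joins the wrapped syslog lines quoted above and correlates the winbindd trust-account error with the pam_winbind failure logged in the same second. The function names and the same-second, same-host correlation rule are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the syslog lines quoted in the post, left wrapped the
# way the mail wrapped them (continuation lines carry no syslog header).
SAMPLE = """\
Jul 12 16:56:22 linux kde3(pam_unix)[3610]: auth could not identify
password for [marcus]
Jul 12 16:56:22 linux winbindd[2410]: [2004/07/12 16:56:22, 0]
nsswitch/winbindd_util.c:get_trust_pw(951)
Jul 12 16:56:22 linux winbindd[2410]: get_trust_pw: could not fetch
trust account password for my domain IDEALTEC.LOCAL
Jul 12 16:56:22 linux pam_winbind[3610]: request failed:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Jul 12 16:56:22 linux pam_winbind[3610]: internal module error (retval =
4, user = `marcus'
"""

HEAD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\[\s]+)\[(\d+)\]: (.*)$")
TRUST = re.compile(r"could not fetch trust account password for my domain (\S+)")
FAILED = re.compile(r"request failed: (NT_STATUS_\w+), PAM error was (\d+)")
USER = re.compile(r"user = `([^']+)'")

def unwrap(text):
    """Re-join continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append(list(m.groups()))  # [ts, host, prog, pid, msg]
        elif records and line.strip():
            records[-1][4] += " " + line.strip()
    return records

def triage(text):
    """One finding per (timestamp, host) in which pam_winbind reported a failure."""
    # winbindd and the PAM client log under different PIDs, so correlate on time and host.
    events = defaultdict(lambda: dict(user=None, status=None, pam_error=None, trust_domain=None))
    for ts, host, prog, _pid, msg in unwrap(text):
        ev = events[(ts, host)]
        if prog == "winbindd" and (m := TRUST.search(msg)):
            ev["trust_domain"] = m.group(1)
        elif prog == "pam_winbind":
            if m := FAILED.search(msg):
                ev["status"], ev["pam_error"] = m.group(1), int(m.group(2))
            if m := USER.search(msg):
                ev["user"] = m.group(1)
    return [{"when": ts, "host": h, **ev} for (ts, h), ev in events.items() if ev["status"]]
```

A finding with `trust_domain` set means the login failure coincided with winbindd being unable to read the machine trust account password for that domain, which points at the domain join rather than at the user's credentials.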