[Samba] security = ADS

John H Terpstra jht at samba.org
Thu Jul 22 20:11:21 GMT 2004


On Thursday 22 July 2004 14:07, Tom Skeren wrote:
> Yes I've seen this behavior a LOT.  I've replied to it.  For some
> reason, the Samba when joined to ads needs to be contacted for shares by IP
> addy.  The XP shares then authenticate properly.

No way, your ADS server is answering on port 445 - the port for netbios-less 
SMB.

>
> Try \\ipaddy-samba-server\share-name.  If you connect, do a netstat -an
> on the samba server.  You'll see the XP box connected to port 445.  I
> suspect that in an ads environment, the XP boxes default to connecting
> to shares on 445.  I suspect smbd, or nmbd are mishandling this when
> netbios names are used.

Nope. To avoid this, in your smb.conf [global] set:
	smb ports = 139

- John T.

>
> Rashaad S. Hyndman wrote:
> >Hi all,
> >
> >I've been fighting with joining my samba server (debian) to my active
> > directory domain for 4 days now.  The problem here is that users in my
> > active directory domain on windows machines are not able to browse my
> > samba shares without being prompted for authentication.
> >
> >I can:
> >- Join the domain from samba server using net ads
> >- View list of tickets when browsing window shares with klist
> >- list window shares without being prompted with "smbclient -k -L
> > <windows_servername>"
> >
> >I can NOT:
> >- use "net use * \\<smb_servername>\share" from window based machine.
> >(this results in "The password or user name is invalid for
> > \\delshare\public" (delshare being my samba server name))
> >
> >I have no clue what to do from here. I've looked over my smb.conf file 20
> > times, likewise my krb5.conf file.
> >
> >Any suggestions would be greatly appreciated. I've run out of tests.
> >
> >R.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
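
The `netstat -an` check mentioned in the quoted reply, as an added example that is not part of the original message: it lists which SMB port (139 or 445) each client is connected to on the Samba server, and which of the two ports are listening. It assumes the Linux net-tools `netstat` column layout; the function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Sample addresses are constructed.

# Constructed `netstat -an` output as seen on a Samba server at 192.0.2.10.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:445          192.0.2.21:1045         ESTABLISHED
tcp        0      0 192.0.2.10:445          192.0.2.22:1102         ESTABLISHED
tcp        0      0 192.0.2.10:139          192.0.2.23:1067         ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.21:1050         ESTABLISHED
tcp        0      0 192.0.2.10:40122        192.0.2.5:445           ESTABLISHED
EOF
}

# Print "<port> <client-ip>" for each established inbound SMB connection.
# Connections where 445/139 is the remote port (the Samba host acting as a
# client, for example towards a domain controller) are deliberately skipped.
smb_port_summary() {
    awk '$1 ~ /^tcp/ && $NF == "ESTABLISHED" {
        n = split($4, l, ":")              # local port is the last piece
        m = split($5, r, ":")              # remote port is the last piece
        if (l[n] == "139" || l[n] == "445") {
            client = substr($5, 1, length($5) - length(r[m]) - 1)
            print l[n], client
        }
    }' | sort
}

# Print the SMB ports the server is listening on, e.g. "139 445".
smb_listen_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, l, ":")
        if (l[n] == "139" || l[n] == "445") print l[n]
    }' | sort -un | tr "\n" " " | sed 's/ *$//'
}

# On a live server: netstat -an | smb_port_summary
sample_netstat | smb_port_summary
```

After changing the ports setting and restarting smbd, `netstat -an | smb_listen_ports` shows whether 445 is still open.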

