[Samba] security = ADS
Rashaad S. Hyndman
IslandBwoy at ToughGuy.net
Fri Jul 23 13:10:13 GMT 2004
Here are my conf files
----------------------------------------SMB.conf----------------------
#======================= Global Settings =======================
[global]
netbios name = smbserver_name
realm = MYREALM.NET
workgroup = mydomain
server string = %h server (Samba %v)
password server = addc01.MYREALM.NET
security = ADS
wins support = yes
include = /etc/samba/dhcp.conf
dns proxy = no
name resolve order = lmhosts host wins bcast
#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
encrypt passwords = yes
passdb backend = tdbsam guest
obey pam restrictions = yes
guest account = guest
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = yes
writable = yes
preserver case = yes
short preserve case = yes
[public]
comment = Software and tool downloads
browseable = yes
path = /usr/share/public
writable = no
public = yes
writable = no
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
===============================
------------------------------krb5.conf--------------------------
==========================================
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
default_realm = MYREALM.NET
[relams]
MYREALM.NET= {
kdc = addc01.MYREALM.NET
}
[domain_realms]
.addc01.myrealm.net = MYREALM.NET
==========================================
These are the only files that I have edited to get to this point. I really appreciate your help.
----- Original Message -----
From: Tom Skeren
To: Rashaad S. Hyndman
Sent: Thursday, July 22, 2004 7:25 PM
Subject: Re: [Samba] security = ADS
Rashaad S. Hyndman wrote:
That seems to be an interesting concept but does work in this case for some
reason. Here is what I did:
C:\Documents and Settings\rshyndman>net use * \\10.55.222.82\public\
System error 67 has occurred.
The network name cannot be found.
Try right clicking on My Computer and use map-network-drive function.
C:\Documents and Settings\rshyndman>ping 10.55.222.82
Pinging 10.55.222.82 with 32 bytes of data:
Reply from 10.55.222.82: bytes=32 time<10ms TTL=64
Reply from 10.55.222.82: bytes=32 time<10ms TTL=64
Interesting thing here is that it says name not found but I can ping both by
name and IP. You think mapping name to IP in the hosts file will help? Hmmm
:-(
----- Original Message -----
From: "Tom Skeren" <tms3 at fskklaw.com>
To: "Rashaad S. Hyndman" <IslandBwoy at ToughGuy.net>
Cc: <samba at lists.samba.org>
Sent: Thursday, July 22, 2004 4:07 PM
Subject: Re: [Samba] security = ADS
Yes I've seen this behavior a LOT. I've replied to it. For some
reason, the Samba when joined to ads needs to be contacted for shares by IP
addy. The XP shares then authenticate properly.
Try \\ipaddy-samba-server\share-name. If you connect, do a netstat -an
on the samba server. You'll see the XP box connected to port 445. I
suspect that in an ads environment, the XP boxes default to connecting
to shares on 445. I suspect smbd, or nmbd are mishandling this when
netbios names are used.
Rashaad S. Hyndman wrote:
Hi all,
I've been fighting with joining my samba server (debian) to my active
directory domain for 4 days now. The problem here is that users in my
active directory domain on windows machines are not able to browse my samba
shares without being prompted for authentication.
I can:
- Join the domain from samba server using net ads
- View list of tickets when browsing window shares with klist
- list window shares without being prompted with "smbclient -k -L
<windows_servername>"
I can NOT:
- use "net use * \\<smb_servername>\share" from window based machine.
(this results in "The password or user name is invalid for
\\delshare\public" (delshare being my samba server name))
I have no clue what to do from here. I've looked over my smb.conf file 20
times likewise my krb5.conf file
Any suggestions would be greatly appreciated. I've run out of tests.
R.