[Samba] Samba 3.0 as domain member server in ADS

Johan Evers johan at opiin.dk
Mon Mar 8 13:03:50 GMT 2004 

I have tried now for allmost a week to get this thing working.

I have installed (Debian packages):
samba 3.0.2
krb5-user 1.3 (This is MIT kerberos)
krb5-config 1.6
winbind 3.0.2

I don't know if my samba is compiled with ADS but I assume it right now 
- I just installed the apt-get package from the testing (sarge) debian.

My problem right now is that

root# *smbpasswd -a -m /machine_name/*
Failed to initialise SAM_ACCOUNT for user appboga$.
Failed to modify password entry for user appboga$

Attached is a copy of my smb.conf and krb5.conf



-- 
Med venlig hilsen - Best regards,

Johan Evers

Opiin Software ApS
Trekronergade 126 F
DK - 2500 Valby
Phone : +45 7020 6393
E-mail  :  info at opiin.dk <mailto:info at opiin.dk>
-------------- next part --------------
#======================= Global Settings ==================
[global]
# The NetBIOS name of this machine
  netbios name = pluto

# server string is the equivalent of the NT Description field
   server string = OpiinDoc server (Samba %v)

# The Windows domain name
  workgroup = BOGA

# For joining ADS realm = your.kerberos.REALM
   realm = boga.DK

# The Domain controllers
   password server = *

# Tell Samba to use ADS authentication
   security = ADS

# In Win200x and ADS encryption is a must
   encrypt passwords = yes

# Which users are NOT allowed
   invalid users = root

# The logs are: (For each connection)
   log file = /var/log/samba/log.%m

# On-the-Fly Creation of Machine Trust Accounts
   add machine script = /usr/sbin/useradd -d /dev/null -g 1004 \
   -s /bin/false -M %u

#======================= Global Winbind Settings ========
# separate domain and username with '/', like DOMAIN/username
winbind separator = /

# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000

# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000

# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes

#======================= Share Definitions ==============

[opiineksport]
   comment = Timeseddel eksport bibliotek
   writable = no
   locking = no
   path = /home/opiin/eksport
   public = yes
-------------- next part --------------
[libdefaults]
default_realm = BOGA.DK

[realms]
BOGA.DK = {
kdc = NTBOGA
kdc = APPBOGA
}

[domain_realms]
.NTBOGA = BOGA.DK

More information about the samba mailing list