[Samba] Logging into WIndows 2000 ADS from Linux Clients

John H Terpstra samba at primastasys.com
Sun May 16 23:25:27 GMT 2004


PAG,

Suggest you either buy my new book "Samba-3 by Example" or download it from:
http://www.samba.org/samba/docs/Samba-Guide.pdf

Check Chapter 9 - it should have all the answers you need.

- John T.
---
John H Terpstra
Samba-Team
email: jht at samba.org


> -------- Original Message --------
> Subject: [Samba] Logging into WIndows 2000 ADS from Linux Clients
> From: gulawani at hathway.com
> Date: Thu, May 13, 2004 11:16 pm
> To: samba at lists.samba.org
>
> Hi everyone,
>
>
>
> I want to convert some 50 new machines that an organization is getting
> into Fedora Linux workstations.
>
>
>
> This is the current setup:
>
> The organization currently has one Primary Windows 2000 ADS and 2
> numbers of Windows 2000 servers acting as Backup domain servers.
>
> There are currently some 50 workstations already in the network and
> these are all Windows 2000 professional machines. There are HP laser
> network printers in the network.
>
>
>
> Now the organization wants to add about 50 more workstations in the
> network. I am trying to convince them to use Fedora Linux on these
> machines instead of Windows 2000 professionnal. My ultimate goal is to
> convert more machines to Linux. From these Fedora machines, users
> should be able to login to the Windows servers using their Windows
> username and passwords. They will be using a lot of files from the
> Windows 2000 servers which currently also act as the file servers. They
> are currently reluctant on converting the Windows servers and
> converting to Linux as some critical applications that they use are
> available only on windows. In addition to this they would need to print
> to the Network printers in the network.
>
>
>
> I googled and found a LOT of information on modifying the SAMBA and
> modifying the krb5 for the above purpose. I am using a couple of
> machines to do a test setup. I have installed FC1 on these machines and
> have configured SAMBA on both these machines.
>
> Some of the settings done are as follows:
>
> SAMBA smb.conf file is at the very bottom of this email
>
> KRB5 krb5.conf file is also at the bottom of the email
>
> nsswitch.conf file was modified also at the bottom of this email
>
> The authentication that I am using is SMB and KRB5
>
>
>
> My FC1 machines are registered into the ADS using "net ads join -U
> user1". This went well and showed me as joined to the domain.
>
>
>
> I have set up test users "user1" and "user2" in both the windows domain
> as well as on the FC1 machines. The passwords of the above users on the
> local FC1 machines and the Windows 2000 ADS machines are differrent.
> (The reason I have kept these differrent is to test that the login
> using the Windows 2000 username and password works.)
>
>
>
> The problem that I face is this:
>
> 1. I cannot log in at the FC1 GUI login prompt (I'm using gnome) using
> the windows username (user1 or user2) and password. I can only login
> using my FC1 local username and password. This is the first thing that
> I should be able to do. I should be able to login as any user (even if
> the user is not added in the local FC1 machine)
>
> 2. After logging into gnome as the local FC1 user, when I browse the
> network and click on any machine on the network it asks me for a
> username and password again for that machine. After entering the
> correct windows username and password I get access to the shared
> resources in the network.
>
>
>
> I want to maintain one central username and password into the Windows
> 2000 ADS. So if a username is added or is a password of an existing
> user is changed it is maintained at one location only and not  in
> multiple locations.
>
>
>
> Can someone point out what I could be doing wrong here. At this point
> I'm quite zonked actually. Some sites mentinoed that all I need to do
> was enable kerbrose authintication on the  local machine (no need to
> setup samba). In other places there is nothing mentioned about krb5 but
> a lot of settings about samba.
>
>
>
> I'd appretiate your help a lot. I'm sorry for the long email, but I
> just wanted to  make sure I've given all the details.
>
>
>
> Thanks,
>
> PAG
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list