[Samba] Issues/Questions about Samba 3.x.x versus its Working Status

Melfi.Marcello at hydro.qc.ca Melfi.Marcello at hydro.qc.ca
Mon Oct 18 21:22:03 GMT 2004


I have been trying to set up Samba with ADS for a while now without success.

I compiled Samba 3.0.7, along with MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. I
did not compile PAM since I do not need to have Windows users log on to the
Unix box. Although not necessary, I set up the krb5.conf file. I was able to
do a "net join ads" after performing a "kinit" with the Win2K3 server's
Administrator's username and password. With the "klist", I validated that
tickets were issued, therefore the Kerberos installation seems to work
correctly, at least without Samba.

My success ends there. When trying to make this work with Samba, it
doesn't. It looks like NTLM is used as a fallback... What am I missing here?

Here are some questions I have which could shed some light on the overall

1. I once asked if it was possible not to use winbindd and just use the
"username map" parameter/file. I never got any answer to that... Is that a
tough question?

2. When using winbindd, can I still use the "username map" parameter/file so
that I link Windows accounts to the same Unix one? Right now, this does not
seem to work... Are there some issues with this? What is the exact syntax?

3. Is PAM absolutely required? I do not think so, but, hey, you never

4. I saw in a few mails on Google that the command "wbinfo --set-auth-user
DOMAINNAME\\Administrator%password" is sometimes required? Is it true? What
is it all about?

5. I saw also in a lot of mails on Google and Samba list that it was
required to copy the libnss_winbind.so (from the nsswitch directory in the
samba source) to the /lib directory. However, the target filename is
sometimes nss_winbind.so, sometimes libnss_winbind.so, sometimes ending with
.so.1 or .so.2, etc. What is it all about? What is really required? Is this
system specific?

6. Does the Samba server (aka the Unix box) need to be in the same domain as
the Win2K3 server? Same question for the client workstations?

7. I saw in some other mails/documents (too many read in a short period)
that it may be required to change the Windows account's password? Is this
true? If so, when is it required and with what typical configuration?

I really need some help to make this work. Maybe I am doing (or have done)
something wrong. If asked for, I can provide all the various config files I
am using.


Marcello Melfi

