[Samba] Making Red Hat 3 Authenticate against AD Domain

Kevin Riggins kevin.riggins at comdev.com
Tue Oct 19 15:44:29 GMT 2004

One other thing.  My /etc/krb5.conf file is a bit different than the one
given on the page I sent you to.

The pertinent portion being below:

  ticket_lifetime = 24000
  default_realm = COMDEV.COM
  default_tgs_enctypes = rc4-hmac
  default_tkt_enctypes = rc4-hmac
  forwardable = true
  proxiable = true
  dns_lookup_realm = false
  dns_lookup_kdc = false

-----Original Message-----
From: David Nickel [mailto:dnickel at gmail.com] 
Sent: Tuesday, October 19, 2004 10:15 AM
To: Kevin Riggins
Cc: samba at lists.samba.org
Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain

Thanks for the link and info. I have tried it, but when I get to the
testing kerberos I get an error.

command: kinit ADMINISTRATOR at domain.com
error: kinit(v5): KDC has no support for encryption type while getting
initial credentials

FYI: All I want to do is allow my users, once they logon on to there
domain computers, map to their directory on the web server through
domain authentication instead of the local /etc/passwd file.

On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins
<kevin.riggins at comdev.com> wrote:
> David,
> I found this webpage to be very useful for setting up samba with
> directory authentication -
> http://www.rongage.org/manual_samba_howto.html.  I started with a very
> base install of WBEL without samba.  The version of Kerberos that
> with WBEL is not new enough to work with a Win2K AD domain or at least
> could never get it to work. I used the latest versions of Samba and
> Kerberos.  OpenLDAP was not needed since it was already installed on
> box.
> My homes share definition looks like this:
> [global]
>        template homedir = /home/%D/%U
> [homes]
>        comment = Home Directories
>        create mask = 0600
>        directory mask = 0700
>        read only = no
>        browseable = no
>        valid users = @"Domain Admins",@"Domain Users"
>        veto oplock files = /*.xls/
> The "veto oplock files = /*.xls/" line is to take care of a problem
> excel thinking that a file has been changed since opened when it
> actually hasn't been.
> I created the /home/<DOMAIN>/ directory with the group set to "Domain
> Admins" and group rights of u+rwx,g+rwsx,o-rwsx so that I could use
> "Active Directory Users and Computers" to set the home directory.  The
> domain name had to be all caps for it to work right.  Right now I am
> manually creating the home directory and setting ownership and
> permissions.  Haven't been able to get the home directory creation
> through "Active Directory Users and Computers" working yet.
> Kevin Riggins, CISSP
> Quester Linguistics, Inc.
> -----Original Message-----
> From: David Nickel [mailto:dnickel at gmail.com]
> Sent: Tuesday, October 19, 2004 8:31 AM
> To: samba at lists.samba.org
> Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain
> I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want
> to use the homes function of Samba and I want user's to authenticate
> against my AD domain. I am having a problem making the server a member
> server of my domain.
> I tried using the smbpasswd command and got the error about trying net
> join for this action. Also, is there anything else I have to do to get
> my users to authenticate against the AD domain?
> Any help and suggestions would be much appreciated.
> Thanks,
> David
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list