[Samba] Making Red Hat 3 Authenticate against AD Domain

Kevin Riggins kevin.riggins at comdev.com
Tue Oct 19 16:09:42 GMT 2004


I also thought of something else: make sure you are using the binaries
that were installed by the new Kerberos package.  I accomplished this by
putting /usr/local/bin and /usr/local/sbin at the beginning of my path
statement.  This needs to be done prior to compiling Samba, because
Samba uses the krb5-config command to configure itself for Kerberos.

If `which kinit` returns anything other than /usr/local/bin, this is
contributing to the problem.

My bad, sorry.

No services are necessary for the Kerberos portion of the setup.

Kevin

-----Original Message-----
From: David Nickel [mailto:dnickel at gmail.com] 
Sent: Tuesday, October 19, 2004 10:59 AM
To: Kevin Riggins
Cc: samba at lists.samba.org
Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain


I have tried the uppercase, lowercase and any combinations. I have
made the following changes to my krb5.conf file and still get the same
error. What services need to be started? Thanks a lot for your input.



On Tue, 19 Oct 2004 10:44:29 -0500, Kevin Riggins
<kevin.riggins at comdev.com> wrote:
> One other thing.  My /etc/krb5.conf file is a bit different than the one
> given on the page I sent you to.
> 
> The pertinent portion being below:
> 
> [libdefaults]
>  ticket_lifetime = 24000
>  default_realm = COMDEV.COM
>  default_tgs_enctypes = rc4-hmac
>  default_tkt_enctypes = rc4-hmac
>  forwardable = true
>  proxiable = true
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
> 
> 
> 
> 
> -----Original Message-----
> From: David Nickel [mailto:dnickel at gmail.com]
> Sent: Tuesday, October 19, 2004 10:15 AM
> To: Kevin Riggins
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain
> 
> Thanks for the link and info. I have tried it, but when I get to the
> testing kerberos I get an error.
> 
> command: kinit ADMINISTRATOR at domain.com
> error: kinit(v5): KDC has no support for encryption type while getting
> initial credentials
> 
> FYI: All I want to do is allow my users, once they log on to their
> domain computers, map to their directory on the web server through
> domain authentication instead of the local /etc/passwd file.
> 
> On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins
> <kevin.riggins at comdev.com> wrote:
> > David,
> >
> > I found this webpage to be very useful for setting up samba with active
> > directory authentication -
> > http://www.rongage.org/manual_samba_howto.html.  I started with a very
> > base install of WBEL without samba.  The version of Kerberos that comes
> > with WBEL is not new enough to work with a Win2K AD domain or at least I
> > could never get it to work. I used the latest versions of Samba and
> > Kerberos.  OpenLDAP was not needed since it was already installed on the
> > box.
> >
> > My homes share definition looks like this:
> >
> > [global]
> >        template homedir = /home/%D/%U
> >
> > [homes]
> >        comment = Home Directories
> >        create mask = 0600
> >        directory mask = 0700
> >        read only = no
> >        browseable = no
> >        valid users = @"Domain Admins",@"Domain Users"
> >        veto oplock files = /*.xls/
> >
> > The "veto oplock files = /*.xls/" line is to take care of a problem with
> > Excel thinking that a file has been changed since opened when it
> > actually hasn't been.
> >
> > I created the /home/<DOMAIN>/ directory with the group set to "Domain
> > Admins" and group rights of u+rwx,g+rwsx,o-rwsx so that I could use
> > "Active Directory Users and Computers" to set the home directory.  The
> > domain name had to be all caps for it to work right.  Right now I am
> > manually creating the home directory and setting ownership and
> > permissions.  Haven't been able to get the home directory creation
> > through "Active Directory Users and Computers" working yet.
> >
> > Kevin Riggins, CISSP
> > Quester Linguistics, Inc.
> >
> >
> >
> >
> > -----Original Message-----
> > From: David Nickel [mailto:dnickel at gmail.com]
> > Sent: Tuesday, October 19, 2004 8:31 AM
> > To: samba at lists.samba.org
> > Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain
> >
> > I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want
> > to use the homes function of Samba and I want users to authenticate
> > against my AD domain. I am having a problem making the server a member
> > server of my domain.
> >
> > I tried using the smbpasswd command and got the error about trying net
> > join for this action. Also, is there anything else I have to do to get
> > my users to authenticate against the AD domain?
> >
> > Any help and suggestions would be much appreciated.
> >
> > Thanks,
> >
> > David
> >
>
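
The PATH check described at the top of this message, extended to krb5-config and to reading the enctype settings back from krb5.conf, as an added example that is not part of the original thread. The function names and the temporary demo tree are constructed for illustration; the demo deliberately leaves krb5-config only in the old location to show the mismatch that would make Samba build against the old Kerberos.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to run before ./configure for Samba.

# Print the first executable named $1 found along search path $2.
resolve_tool() {
    _old_ifs=$IFS; IFS=:
    for _dir in $2; do
        if [ -x "${_dir:-.}/$1" ] && [ ! -d "${_dir:-.}/$1" ]; then
            IFS=$_old_ifs; printf '%s\n' "${_dir:-.}/$1"; return 0
        fi
    done
    IFS=$_old_ifs; return 1
}

# Succeed only if tool $1 resolves to a path under prefix $2 on search path $3.
tool_under_prefix() {
    _found=$(resolve_tool "$1" "$3") || return 1
    case $_found in "$2"/*) return 0 ;; *) return 1 ;; esac
}

# Print the value of key $2 from the [libdefaults] section of krb5.conf $1.
libdefaults_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

report() {  # $1 = expected prefix, $2 = search path, $3 = krb5.conf
    for _t in kinit krb5-config; do
        if tool_under_prefix "$_t" "$1" "$2"; then echo "ok   $_t"
        else echo "FAIL $_t -> $(resolve_tool "$_t" "$2" || echo 'not found')"; fi
    done
    echo "default_tkt_enctypes = $(libdefaults_get "$3" default_tkt_enctypes)"
}

# Constructed demo tree: kinit exists in both places, krb5-config only in the old one.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/usr/bin" "$demo/usr/local/bin"
for f in usr/bin/kinit usr/bin/krb5-config usr/local/bin/kinit; do
    printf '#!/bin/sh\n' > "$demo/$f"; chmod +x "$demo/$f"
done
printf '%s\n' '[libdefaults]' ' default_realm = COMDEV.COM' \
    ' default_tkt_enctypes = rc4-hmac' '[logging]' \
    ' default_tkt_enctypes = constructed-ignored' > "$demo/krb5.conf"
report "$demo/usr/local" "$demo/usr/local/bin:$demo/usr/bin" "$demo/krb5.conf"
```

On a real host the equivalent call is `report /usr/local "$PATH" /etc/krb5.conf`. rc4-hmac, the only enctype in the quoted file, has since been deprecated (RFC 8429), so on a current domain compare the reported list against the enctypes the KDC actually permits.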

