[Samba] Making Red Hat 3 Authenticate against AD Domain
David Nickel
dnickel at gmail.com
Tue Oct 19 16:45:35 GMT 2004
I am using the kinit that is default rpm with RHEL AS
which kinit is returning: /usr/kerberos/bin/kinit
On Tue, 19 Oct 2004 11:09:42 -0500, Kevin Riggins
<kevin.riggins at comdev.com> wrote:
> I also thought of something else, make sure you are using the binaries
> that were installed by the new Kerberos package. I accomplished this by
> putting /usr/local/bin and /usr/local/sbin at the beginning of my path
> statement. This needs to be done prior to compiling Samba, because
> Samba uses the krb5-config command to configure itself for Kerberos.
>
> If `which kinit` returns anything other than /usr/local/bin, this is
> contributing to the problem.
>
> My bad, sorry.
>
> No services are necessary for the Kerberos portion of the setup.
>
> Kevin
>
>
>
> -----Original Message-----
> From: David Nickel [mailto:dnickel at gmail.com]
> Sent: Tuesday, October 19, 2004 10:59 AM
> To: Kevin Riggins
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain
>
> I have tried the uppercase, lowercase and any combinations. I have
> made the following changes to my krb5.conf file and still get the same
> error. What services need to be started? Thanks alot for your input.
>
> On Tue, 19 Oct 2004 10:44:29 -0500, Kevin Riggins
> <kevin.riggins at comdev.com> wrote:
> > One other thing. My /etc/krb5.conf file is a bit different than the
> one
> > given on the page I sent you to.
> >
> > The pertinent portion being below:
> >
> > [libdefaults]
> > ticket_lifetime = 24000
> > default_realm = COMDEV.COM
> > default_tgs_enctypes = rc4-hmac
> > default_tkt_enctypes = rc4-hmac
> > forwardable = true
> > proxiable = true
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> >
> >
> >
> >
> > -----Original Message-----
> > From: David Nickel [mailto:dnickel at gmail.com]
> > Sent: Tuesday, October 19, 2004 10:15 AM
> > To: Kevin Riggins
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Making Red Hat 3 Authenticate against AD Domain
> >
> > Thanks for the link and info. I have tried it, but when I get to the
> > testing kerberos I get an error.
> >
> > command: kinit ADMINISTRATOR at domain.com
> > error: kinit(v5): KDC has no support for encryption type while getting
> > initial credentials
> >
> > FYI: All I want to do is allow my users, once they logon on to there
> > domain computers, map to their directory on the web server through
> > domain authentication instead of the local /etc/passwd file.
> >
> > On Tue, 19 Oct 2004 08:58:17 -0500, Kevin Riggins
> > <kevin.riggins at comdev.com> wrote:
> > > David,
> > >
> > > I found this webpage to be very useful for setting up samba with
> > active
> > > directory authentication -
> > > http://www.rongage.org/manual_samba_howto.html. I started with a
> very
> > > base install of WBEL without samba. The version of Kerberos that
> > comes
> > > with WBEL is not new enough to work with a Win2K AD domain or at
> least
> > I
> > > could never get it to work. I used the latest versions of Samba and
> > > Kerberos. OpenLDAP was not needed since it was already installed on
> > the
> > > box.
> > >
> > > My homes share definition looks like this:
> > >
> > > [global]
> > > template homedir = /home/%D/%U
> > >
> > > [homes]
> > > comment = Home Directories
> > > create mask = 0600
> > > directory mask = 0700
> > > read only = no
> > > browseable = no
> > > valid users = @"Domain Admins",@"Domain Users"
> > > veto oplock files = /*.xls/
> > >
> > > The "veto oplock files = /*.xls/" line is to take care of a problem
> > with
> > > excel thinking that a file has been changed since opened when it
> > > actually hasn't been.
> > >
> > > I created the /home/<DOMAIN>/ directory with the group set to
> "Domain
> > > Admins" and group rights of u+rwx,g+rwsx,o-rwsx so that I could use
> > > "Active Directory Users and Computers" to set the home directory.
> The
> > > domain name had to be all caps for it to work right. Right now I am
> > > manually creating the home directory and setting ownership and
> > > permissions. Haven't been able to get the home directory creation
> > > through "Active Directory Users and Computers" working yet.
> > >
> > > Kevin Riggins, CISSP
> > > Quester Linguistics, Inc.
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: David Nickel [mailto:dnickel at gmail.com]
> > > Sent: Tuesday, October 19, 2004 8:31 AM
> > > To: samba at lists.samba.org
> > > Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain
> > >
> > > I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I
> want
> > > to use the homes function of Samba and I want user's to authenticate
> > > against my AD domain. I am having a problem making the server a
> member
> > > server of my domain.
> > >
> > > I tried using the smbpasswd command and got the error about trying
> net
> > > join for this action. Also, is there anything else I have to do to
> get
> > > my users to authenticate against the AD domain?
> > >
> > > Any help and suggestions would be much appreciated.
> > >
> > > Thanks,
> > >
> > > David
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > >
> >
>
More information about the samba
mailing list