[Samba] Problem with security = ads

Ronny Egner ronny.egner at siv.de
Mon Aug 22 07:33:41 GMT 2005


Hi list,

I am having trouble authenticating users against a
Windows 2003 SP1 ADS.

I am using samba 3.0.20-0.1

Here is my smb.conf:

         workgroup = SIV
         map to guest = Bad User
         security = ads
         password server = ads01.siv.de
         realm = siv.de
         client ntlmv2 auth = yes
         spnego = yes


My krb5.conf:

[libdefaults]
         default_realm = SIV.DE
         dns_lookup_realm = false
         dns_lookup_kdc = false
         clockskew = 300
         #
         # Set this to false to disable MIT krb5 compatibility
         # in GSSAPI get_mic/verify_mic, and become compatible
         # with older Heimdal releases instead.
         gss_mit_compat = true
[realms]
         SIV.DE = {
                 kdc = ads01.siv.de
                 #admin_server = ads01.siv.de
                 default_domain = siv.de
         }
[domain_realm]
         .siv.de = SIV.DE
         siv.de  = SIV.DE
[logging]
         default = SYSLOG:NOTICE:DAEMON
         kdc = FILE:/var/log/kdc.log
         kadmind = FILE:/var/log/kadmind.log
[appdefaults]
         pam = {
                 ticket_lifetime = 1d
                 renew_lifetime = 1d
                 forwardable = true
                 proxiable = false
                 retain_after_close = false
                 minimum_uid = 0
                 debug = false
         }


As you can see, I do not use winbind. Is that wrong, i.e. is winbind
required to authenticate users against ADS?

The configuration itself works nearly right.
When I try to access the Samba server via Windows, I see in
the log file:

Username SIV.DE/regner is invalid on this system


When I log in as user 'regner' (without domain prefix) and
password, the login works successfully! I've tested this
behavior with several accounts. All work successfully without
domain prefix.


Can anybody help?

-- 



Kind regards

Ronny Egner

SIV.AG
Konrad-Zuse-Straße 1
18184 Roggentin

Telephone: +49 (0)3 81 / 25 24 422
Fax: +49 (0)3 81 / 25 24 399

mailto:ronny.egner at siv.de
http://www.siv.de
