[Samba] Getent doesn't work with AD users

Roland Carlsson roland at alfa-moving.se
Wed Feb 2 09:19:47 GMT 2005 

Hi!

I'm trying to get a second samba server to get to work but it seems like
there is something I have done wrong since I can't get getent to return the
users from my AD-server.

I have tried a lot of different solutions but no one that worked.

So, could anyone here please point me in the correct direction?

I'm running Suse 9.2 and Samba 3.0.9-2.1 and a Windows 2003 server with
Active Directory. 

Running wbinfo -u and wbinfo -g shows all users from the ad.

When trying to getent passwd I only get local users and no users from the
Active Directory. No output in /var/log/messages.

When restarting winbind i get the following in /var/log/messages

-------
Feb  2 09:54:47 aqmlin03 winbindd[4196]: [2005/02/02 09:54:47, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
Feb  2 09:54:47 aqmlin03 winbindd[4196]:   cli_nt_setup_creds: request
challenge failed 
Feb  2 09:54:47 aqmlin03 winbindd[4196]: [2005/02/02 09:54:47, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
Feb  2 09:54:47 aqmlin03 winbindd[4196]:   cli_nt_setup_creds: request
challenge failed 

-----------


My smb.conf file --------------------------------------

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2004-12-20
[global]
        workgroup = alfa-moving
        server string = aqmlin03 samba server
        log file = /var/log/samba/%m.log
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        comment = Home Directories
        realm = ALFA-MOVING.SE
        security = ADS
        password server = 192.168.10.10
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431


[hdb]
        comment = Primary share
        path = /volume/hdb
        writeable = yes
        guest ok = yes
[hdc]
        comment = Secondary share
        path = /volume/hdc
        writeable = yes
        guest ok = yes

----------------

My krb5.conf ----------------------------------

[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

[libdefaults]
        default_realm = ALFA-MOVING.SE
        dns_lookup_realm = false
        dns_lookup_kdc = false
        clockskew = 300

[realms]
ALFA-MOVING.SE = {
        kdc = 192.168.10.10
}

[domain_realm]
        .kerberos.server = ALFA-MOVING.SE

[kdc]
        profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
}

-------------------------

Thanks in advance
Roland Carlsson

More information about the samba mailing list