[Samba] samba3+ADS

subramanian.ponnusamy at iflexsolutions.com subramanian.ponnusamy at iflexsolutions.com
Mon Jan 17 16:06:29 GMT 2005

Hi Andrew,

First of all thanks for your quick response.

As you suggest I have recompiled samba without
--with-winbind-auth-challenge --with-dce-dfs option. 

Following parameter I made it true.

dns_lookup_realm = true
dns_lookup_kdc = true

Now I am able to see ADS and local users when I give getent passwd 

Thanks a lot again.

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Friday, January 14, 2005 8:18 AM
To: Subramanian Ponnusamy -IP
Cc: samba at samba.org
Subject: Re: [Samba] samba3+ADS

On Fri, 2005-01-14 at 04:10 +0530,
subramanian.ponnusamy at iflexsolutions.com wrote:
> Hi ,
> I'm using RH9, and I have compiled samba 3.0.1 compiled from sources,
> with the following options:
> ./configure --with-winbind --with-winbind-auth-challenge --with-pam \

--with-winbind-auth-challenge no longer exists in Samba 3.0, it was a
Samba 2.2 only option, for squid sites.

> --with-acl-support --with-ldapsam --with-pam_smbpass \
> --with-ads --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam

Do you really need --with-dce-dfs?

>  net ads join -S server.domain.com -U support
>  worked fine.
> I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users &
> from domain.
> But the command 'getent passwd' could only show local accounts,
> any
> domain mapped accounts inside.

 dns_lookup_realm = false

I would set that to true, and ensure that your internal DNS is all
correct.  It's better not to have things in your krb5.conf, and have teh
DNS lookups handle it - it tends to be more reliable once it's going.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.

More information about the samba mailing list