[Samba] ADS question

IslandBwoy IslandBwoy at ToughGuy.net
Wed Mar 9 22:33:20 GMT 2005


I had this issue and learned that it was a misunderstanding of mine that
once I added the samba server to the domain and enabled winbind that it
would authenticate all my ADS users without intervention.  However, upon
further investigation I found that only users that had an account with the
same name on the samba server would be authenticated to the share.  To make
a long story short, you need to do some more configuration with winbind
allowing it to do the following: get domain user information, communicate
with PDC for authentication and use PAM for something or the other.

Just look up the winbind section in the samba reference guide and you will
see what I'm speaking of.

Good luck
----- Original Message ----- 
From: "Michael Wray" <mwray at aimconnect.com>
To: <samba at lists.samba.org>
Sent: Wednesday, March 09, 2005 4:04 PM
Subject: Re: [Samba] ADS question


> On Wednesday 09 March 2005 8:56 am, Marcus Franke wrote:
> > Hi,
> >
> > > [public]
> > > comment = Backup Verzeichnis
> > > path = /mnt/backup
> > > admin users = DOMAIN+Administrator, root
> > > valid users = DOMAIN+Administrator, root
> > >
> > > The administrator of my Windows domain now should be able
> > > to access the "public" share. But when I try to access the
> > > box I am asked for a username and a password.
> > >
> > > I found, that getent passwd and group does not list the
> > > domain users and groups, just my local users and groups
> > > from /etc/passwd and /etc/groups.
> >
> > After some more searching, I tuned the loglevel up to 10 and
> > found these entries in winbindd.log:
> >
> > [2005/03/09 15:37:00, 0]
> > libsmb/cliconnect.c:cli_session_setup_spnego(764)
> >   Kinit failed: Preauthentication failed
> > [2005/03/09 15:38:12, 1]
> > nsswitch/winbindd_group.c:winbindd_getgroups(1032)
> >   user 'marcus' does not exist
> > [2005/03/09 15:38:28, 1]
> > nsswitch/winbindd_group.c:winbindd_getgroups(1032)
> >   user 'root' does not exist
> > [2005/03/09 15:40:00, 1]
> > nsswitch/winbindd_group.c:winbindd_getgroups(1032)
> >   user 'root' does not exist
> > [2005/03/09 15:42:00, 0]
> > libsmb/cliconnect.c:cli_session_setup_spnego(764)
> >   Kinit failed: Preauthentication failed
> >
> > kinit failed?
> >
> > I can use wbinfo -[sgu] even from the local user "marcus"
> > and get positive info from it, why not when invoked from
> > the server?
> >
> > I can mail the smbd log for the machine I am trying to connect
> > to the server. But the output is huge (41k) and I would not
> > like to post it directly to the list :)
> >
> > Any suggestions? I would be happy for every hint.
> >
> >
> > Marcus
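
One thing to check when `getent passwd` and `getent group` show only local accounts, as in the quoted post, is whether `/etc/nsswitch.conf` lists `winbind` as a source for those two databases. The following is an added example, not code from the thread or from the Samba project; the function name `nss_missing_winbind` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which NSS databases are not wired to winbind.
# Usage: nss_missing_winbind /etc/nsswitch.conf
# Prints "passwd" and/or "group" (one per line) when the file has no line
# for that database listing the "winbind" source; prints nothing when both do.
nss_missing_winbind() {
    awk '
        BEGIN { want["passwd"]; want["group"] }
        { sub(/#.*/, "") }                        # ignore comments
        {
            i = index($0, ":")
            if (i == 0) next                      # not a "database: sources" line
            db = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", db)
            if (!(db in want)) next               # only passwd and group matter here
            n = split(substr($0, i + 1), src, /[ \t]+/)
            for (k = 1; k <= n; k++)
                if (src[k] == "winbind") ok[db] = 1
        }
        END {
            if (!("passwd" in ok)) print "passwd"
            if (!("group" in ok)) print "group"
        }
    ' "$1"
}

# Constructed sample: a configuration where winbind was only added for hosts.
sample=$(mktemp)
printf '%s\n' \
    'passwd: files' \
    'group:  files   # local groups only' \
    'hosts:  files dns winbind' > "$sample"
echo "databases missing winbind in sample file:"
nss_missing_winbind "$sample"
rm -f "$sample"
```

An empty result only shows that NSS is pointed at winbind; winbindd still has to be running and joined to the domain for `getent` to return domain accounts.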