[Samba] Re: Samba + AD etc.

sysrm sysrm at stvincent.ac.uk
Thu May 12 08:24:41 GMT 2005


Hi carlos,

Tried doing the smbclient bit and got back

[root at dev1 bin]# ./smbclient -Utest //172.16.2.253/mp3
Password:
Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a]
tree connect failed: NT_STATUS_NO_SUCH_USER 

(NB no mp3's in there, just had to think of a test dir to set up... :P)

Test deffo exists on the AD so...

[root at dev1 bin]# wbinfo -u
DEV-DOMAIN+administrator
DEV-DOMAIN+guest
DEV-DOMAIN+auth1$
DEV-DOMAIN+krbtgt
DEV-DOMAIN+dev1$

!

Then do net ads user

[root at dev1 bin]# ./net ads user -UAdministrator
Administrator's password:
Administrator
Guest
krbtgt
test

Then wbinfo

[root at dev1 bin]# wbinfo -u
DEV-DOMAIN+administrator
DEV-DOMAIN+guest
DEV-DOMAIN+auth1$
DEV-DOMAIN+krbtgt
DEV-DOMAIN+dev1$
DEV-DOMAIN+dev2$
DEV-DOMAIN+test 

And try smbclient again

[root at dev1 bin]# ./smbclient -Utest //172.16.2.253/mp3
Password:
Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a]
tree connect failed: NT_STATUS_NO_SUCH_USER

Now test doesn't exist in /etc/passwd so I can only assume that samba isnt
quite talking to the AD correctly?

Many Thanks

Ross

-----Original Message-----
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
Carlos Rodrigues
Sent: 11 May 2005 17:47
To: samba at lists.samba.org
Subject: [Samba] Re: Samba + AD etc.

sysrm wrote:
> Hi all...
> 
> Im at the stage where:
> 
> Kinit works
> Net ads join -U Administrator works (I can see the computer in AD) Net 
> ads user works Wbinfo -u / -g / -t works Getent passwd/group works
> 
> What I cannot seem to get working is when someone logs onto the 
> domain, and then tries to map a drive to the samba server, its like 
> the credentials arent getting passed onto samba, or rather samba is 
> unable to look them up properly.

Can you log in to samba using "smbclient -Uuser //yourserver/yourshare"? 
And doing "kinit user; smbclient -k //yourserver/yourshare"?

> Am I missing a vital step/componant?
> 
> Things like su - ADUSERNAME don't work, and neither does chown, chgrp 
> commands ( are they even ment to work?)

They shouldn't. To have local authentication you must configure pam to use
whatever means of talking to the AD you are using (winbind, ldap or
kerberos).

> Any help, ideas, WHY HAVNT YOU READ THIS FAQ (I probably have in 
> fairness) gratefully received.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list