[Samba] Logging into linux machine using AD account?

Brian Atkins batkins at tlcdelivers.com
Fri Oct 14 18:02:18 GMT 2005

Greetings. I have just started scratching the surface of using Samba to 
create a SSO environment for my network. I have been playing a bit with 
both SuSE 9.3 and CentOS 4.1 to authenticate to an AD PDM (W2K).

I've made it the farthest with the CentOS server.  I have joined it to 
the domain and been able to verify AD users and groups using wbinfo 
[-u|-g] and getent [passwd|group]. I have even been able to `su` to an 
AD user on the CentOS server, but only with errors:

# su - DOMAIN\+testuser
id: cannot find name for user ID 16777216

It seems to pass, but with errors. (I had to manually create the homedir 
for the user: /home/DOMAIN/testuser to get `su` to work.)

I can't seem to login to the server using the account, though. I've been 
using a number of documents from Samba, O`Reilly, and other sources I 
googled up, but they are all pretty much the same. Am I missing 
something? Do I have to do something else to allow an existing AD 
account to log into the machine?

Here's my config:

     workgroup = DOMAIN
    server string = Samba Server
    printcap name = /etc/printcap
    load printers = yes
    cups options = raw
    log file = /var/log/samba/%m.log
    max log size = 50
    security = ADS
    winbind separator = +
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    winbind use default domain = no
    password server = pdc.addomain.mydomain.com
    comment = Home Directories
    browseable = no
    writable = yes
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

         ticket_lifetime = 600
         default_realm = ADDOMAIN.MYDOMAIN.COM
         default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 
         default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 
         permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc 
des-cbc-md5 arcfoug-hmac-md5 arcfour-hmac-md
         kdc =
         kdc =
         kdc = FILE:/var/log/krb5kdc.log
         admin_server = FILE:/var/log/kadmin.log
         default = FILE:/var/log/krb5lib.log

passwd:     compat winbind
shadow:     files winbind
group:      compat winbind
hosts:      files dns winbind
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus


"An adventure is never an adventure
when it’s happening. Challenging
experiences need time to ferment,
and adventure is simply physical
and emotional comfort recollected
in tranquility." - Tim Cahill
(Hold the Enlightenment - 2002)

More information about the samba mailing list