[Samba] Re: ADS + Samba

Sean Aldrich news at seanzone.com
Thu Oct 27 18:42:17 GMT 2005


I was getting the same thing here until I used this:

wbinfo --set-auth-user=user%password

and gave it a valid user account on the primary domain to authenticate 
with.  Not sure if I still need it or not for regular authentication to 
shares.

Romanin, Reno wrote:
> Hello Samba list! 
> 
> 
> I have installed samba, joined it to the AD domain (let's say EXAMPLE.COM)
> and can auth against it with kinit.
> 
> There are also 2 domains that we have a trust established with. Let's say
> trust1 and trust2.
> 
> When I do a wbinfo -u I get:
> 
> Trust1+username
> Trust2+username
> 
> I get nothing from the local domain.
> 
> I have a share set up for testing, but I cannot access it at all, I get
> prompted for a username and password.
> 
> I will include the configs from everything at the bottom of this email. 
> 
> I'm sure it's something that I'm just overlooking, it usually is ;)
> 
> TIA
> 
> -reno
> 
> Configs:
> 
> Smb.conf
> 
> [global]
>         netbios name = sambaserver
>         socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = yes
>         winbind gid = 10000-20000
>         workgroup = WORKGROUP <changed name to protect the innocent>
>         os level = 20
>         winbind enum groups = yes
>         socket address = 192.168.1.2
>         password server = ADSERVER
>         preferred master = no
>         winbind separator = +
>         max log size = 50
>         log file = /var/log/samba3/log.%m
>         encrypt passwords = yes
>         dns proxy = no
>         realm = EXAMPLE.COM <once again, name change>
>         security = ADSERVER
>         wins server = 192.168.1.1
>         wins proxy = no
> 
> 
> [test]
>         comment = Test Share
>         writeable = yes
>         path = /samba/test
>         force user = DOMAIN+user
>         browsable = yes
>         available = yes
> 
> 
> 
> krb5.conf
> 
> 
> [libdefaults]
>         ticket_lifetime = 600
>         default_realm = EXAMPLE.COM
>         default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>         default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> 
> [realms]
>         EXAMPLE.COM = {
>         kdc = adserver.example.com:88
> 
> 
> nsswitch.conf
> 
> passwd:  compat winbind
> group:  compat winbind
> shadow:  compat
> hosts:  files dns wins
> networks:  files dns
> protocols:  db files
> services:  db files
> ethers:  db files
> rpc:  db files
> 
> 
> 
> kdc.conf
> 
> [kdcdefaults]
>         kdc_ports = 88,750
> 
> [realms]
>         EXAMPLE.COM = {
>         database_name = /etc/krb5kdc/principal
>         admin_keytab = /etc/krb5kdc/kadm5.keytab
>         acl_file = /etc/krb5kdc/kadm5.acl
>         dict_file = /etc/krb5kdc/kadm5.dict
>         key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
>         kadmind_port = 749
>         max_life = 10h 0m 0s
>         max_renewable_life = 7d 0h 0m 0s
>         master_key_type = des3-hmac-sha1
>         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
>         }
> 
> 
> 
> 
> 
> 


