[Samba] Re: ADS + Samba

Thomas M. Skeren III tms3 at fsklaw.com
Thu Oct 27 19:54:32 GMT 2005


SNIP

>>
>>
>> I have a share set up for testing, but I cannot access it at all, I get
>> prompted for a username and password.
>
Um...have you changed PAM to allow logins authenticated from ADS? If 
not, you will get exactly that message when accessing a share.

>>
>> I will include the configs from everything at the bottom of this email.
>> I'm sure it's something that I'm just overlooking, it usually is ;)
>>
>> TIA
>>
>> -reno
>>
>> Configs:
>>
>> Smb.conf
>>
>> [global]
>>         netbios name = sambaserver
>>         socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>>         idmap uid = 10000-20000
>>         idmap gid = 10000-20000
>>         winbind enum users = yes
>>         winbind gid = 10000-20000
>>         workgroup = WORKGROUP <changed name to protect the innocent>
>>         os level = 20
>>         winbind enum groups = yes
>>         socket address = 192.168.1.2
>>         password server = ADSERVER
>>         preferred master = no
>>         winbind separator = +
>>         max log size = 50
>>         log file = /var/log/samba3/log.%m
>>         encrypt passwords = yes
>>         dns proxy = no
>>         realm = EXAMPLE.COM <once again, name change>
>>         security = ADSERVER
>>         wins server = 192.168.1.1
>>         wins proxy = no
>>
>>
>> [test]
>>         comment = Test Share
>>         writeable = yes
>>         path = /samba/test
>>         force user = DOMAIN+user
>>         browsable = yes
>>         available = yes
>>
>>
>>
>> krb5.conf
>>
>>
>> [libdefaults]
>>         ticket_lifetime = 600
>>         default_realm = EXAMPLE.COM
>>         default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>>         default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>>
>> [realms]
>>         EXAMPLE.COM = {
>>         kdc = adserver.example.com:88
>>
>>
>> nsswitch.conf
>>
>> passwd:  compat winbind
>> group:  compat winbind
>> shadow:  compat
>> hosts:  files dns wins
>> networks:  files dns
>> protocols:  db files
>> services:  db files
>> ethers:  db files
>> rpc:  db files
>>
>>
>>
>> kdc.conf
>>
>> [kdcdefaults]
>>         kdc_ports = 88,750
>>
>> [realms]
>>         EXAMPLE.COM = {
>>         database_name = /etc/krb5kdc/principal
>>         admin_keytab = /etc/krb5kdc/kadm5.keytab
>>         acl_file = /etc/krb5kdc/kadm5.acl
>>         dict_file = /etc/krb5kdc/kadm5.dict
>>         key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
>>         kadmind_port = 749
>>         max_life = 10h 0m 0s
>>         max_renewable_life = 7d 0h 0m 0s
>>         master_key_type = des3-hmac-sha1
>>         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
>>         }
>>
>>
>>
>>
>>
>>
>



