[Samba] Re: ADS + Samba

diamondz at adelphia.net diamondz at adelphia.net
Thu Oct 27 20:42:32 GMT 2005 

 Please disregard.  Wrong e-mail.

---- "Thomas M. Skeren III" <tms3 at fsklaw.com> wrote: 
> SNIP
> 
> >>
> >>
> >> I have a share set up for testing, but I cannot access it at all, I get
> >> prompted for a username and password.
> >
> Um...have you changed PAM to allow logins authenticated from ADS.  If 
> not, you will get exactly that message when accessing a share.
> 
> >>
> >> I will include the configs from everything at the bottom of this email.
> >> I'm sure it's something that I'm just overlooking, it usually is ;)
> >>
> >> TIA
> >>
> >> -reno
> >>
> >> Configs:
> >>
> >> Smb.conf
> >>
> >> [global]
> >>         netbios name = sambaserver
> >>         socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> >>         idmap uid = 10000-20000
> >>         idmap gid = 10000-20000
> >>         winbind enum users = yes
> >>         winbind gid = 10000-20000
> >>         workgroup = WORKGROUP <changed name to protect the innocent>
> >>         os level = 20
> >>         winbind enum groups = yes
> >>         socket address = 192.168.1.2
> >>         password server = ADSERVER
> >>         preferred master = no
> >>         winbind separator = +
> >>         max log size = 50
> >>         log file = /var/log/samba3/log.%m
> >>         encrypt passwords = yes
> >>         dns proxy = no
> >>         realm = EXAMPLE.COM <once again, name change>
> >>         security = ADSERVER
> >>         wins server = 192.168.1.1
> >>         wins proxy = no
> >>
> >>
> >> [test]
> >>         comment = Test Share
> >>         writeable = yes
> >>         path = /samba/test
> >>         force user = DOMAIN+user
> >>         browsable = yes
> >>         available = yes
> >>
> >>
> >>
> >> krb5.conf
> >>
> >>
> >> [libdefaults]
> >>         ticket_lifetime = 600
> >>         default_realm = EXAMPLE.COM
> >>         default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> >>         default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> >>
> >> [realms]
> >>         EXAMPLE.COM = {
> >>         kdc = adserver.example.com:88
> >>
> >>
> >> nsswitch.conf
> >>
> >> passwd:  compat winbind
> >> group:  compat winbind
> >> shadow:  compat
> >> hosts:  files dns wins
> >> networks:  files dns
> >> protocols:  db files
> >> services:  db files
> >> ethers:  db files
> >> rpc:  db files
> >>
> >>
> >>
> >> kdc.conf
> >>
> >> [kdcdefaults]
> >>         kdc_ports = 88,750
> >>
> >> [realms]
> >>         EXAMPLE.COM = {
> >>         database_name = /etc/krb5kdc/principal
> >>         admin_keytab = /etc/krb5kdc/kadm5.keytab
> >>         acl_file = /etc/krb5kdc/kadm5.acl
> >>         dict_file = /etc/krb5kdc/kadm5.dict
> >>         key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
> >>         kadmind_port = 749
> >>         max_life = 10h 0m 0s
> >>         max_renewable_life = 7d 0h 0m 0s
> >>         master_key_type = des3-hmac-sha1
> >>         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
> >>         }
> >>
> >>
> >>
> >>
> >>
> >>
> >
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list