[Samba] Authentication against AD?

Dimitri Yioulos dyioulos at firstbhph.com
Tue Sep 13 15:28:44 GMT 2005


On Tuesday 13 September 2005 11:09 am, Jason Gerfen wrote:
> I am having a hard time getting Samba to authenticate correctly
> against a Windows Active Directory setup.
>
> Here is a snap of the smb.conf
> [global]
>         passdb backend = ldapsam
>         security = domain
>         password server = server1.com server2.com
>         prefered master = No
>         local master = no
>         hide unreadable = yes
>         wins support = no
>         winbind use default domain = yes
>         domain master = No
>         netbios name = samba-newb
>         workgroup = scl
>         prefered master = no
>         dns proxy = no
>         idmap uid = 15000-20000
>         idmap gid = 15000-20000
>         realm = server.com
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         add machine script = /usr/sbin/useradd  -c Machine -d
> /var/lib/nobody -s /bin/false %m$
>         use spnego = yes
>         server string = samba-newb
>         update encrypted = yes
>         domain logons = yes
>         winbind separator = +
>         winbind enum users = yes
>         winbind enum groups = yes
>         encrypt passwords = yes
>         os level = 20
>         template shell = /bin/bash
>         template homedir = /home/%D/%U
>
> [newb]
>         comment = newb
>         inherit acls = Yes
>         path = /usr/local/files/
>         read only = no
>         force group = users
>         force user = users
>         guest ok = no
>
> I can run the net ads join command which works fine, but if I try to
> authenticate without a local account I am receiving errors.  Any
> assistance or pointers is appreciated.
>
> --
> Jason Gerfen
> Student Computing Labs, University Of Utah
> jason.gerfen at scl.utah.edu
>
> J. Willard Marriott Library
> 295 S 1500 E, Salt Lake City, UT 84112-0860
> 801-585-9810
>
> "My girlfriend threatened to
>  leave me if I went boarding...
>  I will miss her."
>  ~ DIATRIBE aka FBITKK

Jason,

It looks like your smb.conf is set up more for a Samba PDC than for a member 
server in a Windows AD.  Are you looking to make your Samba server a member 
server?  If so:

security = ads
wins server = ip.of.your.winsserver

I don't believe you need:

passdb backend = ldapsam

Is Kerberos installed, and do you have krb5.conf set up properly?

Dimitri
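
A small check for the settings discussed in this thread, as an added example that is not part of either message or of Samba itself: it parses the [global] section and lists where it departs from the member-server suggestions in the reply. The sample config is a trimmed, constructed copy of the quoted one; the function names, and the domain logons and duplicate-parameter checks, are assumptions added here.

```python
import re

# Constructed sample: a trimmed copy of the [global] settings quoted above.
SAMPLE = """\
[global]
        passdb backend = ldapsam
        security = domain
        prefered master = No
        prefered master = no
        realm = server.com
        domain logons = yes
[newb]
        path = /usr/local/files/
"""

def parse_global(text):
    """Return ({param: value}, [params set more than once]) for [global]."""
    params, dups, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Parameter names are case-insensitive; collapse runs of spaces too.
        key = " ".join(key.lower().split())
        if key in params:
            dups.append(key)
        params[key] = value.strip()
    return params, dups

def member_server_findings(text):
    """List where [global] departs from the member-server advice in the reply."""
    p, dups = parse_global(text)
    out = []
    if p.get("security", "").lower() != "ads":
        out.append("security is %r, reply suggests 'ads'" % p.get("security"))
    if "wins server" not in p:
        out.append("wins server is not set")
    if p.get("passdb backend", "").lower().startswith("ldapsam"):
        out.append("passdb backend = ldapsam is probably not needed")
    if p.get("domain logons", "no").lower() in ("yes", "true", "1"):
        out.append("domain logons = yes is a domain-controller setting")
    return out + ["%s is set more than once" % k for k in dups]
```

Calling `member_server_findings(open("/etc/samba/smb.conf").read())` runs the same checks on a real file; the path is an assumption and varies by distribution.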

