[Samba] Authentication against AD?
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Sep 13 19:16:03 GMT 2005
Dimitri Yioulos wrote:
>On Tuesday 13 September 2005 11:09 am, Jason Gerfen wrote:
>
>
>>I am having a hard time getting Samba to authenticate correctly
>>against a Windows Active Directory setup.
>>
>>Here is a snap of the smb.conf
>>[global]
>> passdb backend = ldapsam
>> security = domain
>> password server = server1.com server2.com
>> prefered master = No
>> local master = no
>> hide unreadable = yes
>> wins support = no
>> winbind use default domain = yes
>> domain master = No
>> netbios name = samba-newb
>> workgroup = scl
>> prefered master = no
>> dns proxy = no
>> idmap uid = 15000-20000
>> idmap gid = 15000-20000
>> realm = server.com
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
>> use spnego = yes
>> server string = samba-newb
>> update encrypted = yes
>> domain logons = yes
>> winbind separator = +
>> winbind enum users = yes
>> winbind enum groups = yes
>> encrypt passwords = yes
>> os level = 20
>> template shell = /bin/bash
>> template homedir = /home/%D/%U
>>
>>[newb]
>> comment = newb
>> inherit acls = Yes
>> path = /usr/local/files/
>> read only = no
>> force group = users
>> force user = users
>> guest ok = no
>>
>>I can run the net ads join command, which works fine, but if I try to
>>authenticate without a local account I am receiving errors. Any
>>assistance or pointers are appreciated.
>>
>>--
>>Jason Gerfen
>>Student Computing Labs, University Of Utah
>>jason.gerfen at scl.utah.edu
>>
>>J. Willard Marriott Library
>>295 S 1500 E, Salt Lake City, UT 84112-0860
>>801-585-9810
>>
>>"My girlfriend threatened to
>> leave me if I went boarding...
>> I will miss her."
>> ~ DIATRIBE aka FBITKK
>>
>>
>
>Jason,
>
>It looks like your smb.conf is set up more for a Samba PDC than for a member
>server in a Windows AD. Are you looking to make your Samba server a member
>server? If so:
>
>security = ads
>wins server = ip.of.your.winsserver
>
>I don't believe you need:
>
>passdb backend = ldapsam
>
>Is kerberos installed, and do you have krb5.conf set up properly?
>
>
>
I removed the passdb backend = ldapsam.
Kerberos is installed and the krb5.conf is working, as the kinit and
klist work for gathering the TGTs.
I also modified the server to = ads.
I don't have a wins server, so that is not configured.
I am still experiencing the same problems with having this work as a
member server. Any other tips out there?
>Dimitri
>
>
--
Jason Gerfen
"My girlfriend threatened to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
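
The reply's point, that this [global] section reads like a domain controller rather than an AD member server, can be checked mechanically. The following is an added example, not part of the original thread or of Samba itself; the function names and the shortened sample config are constructed for illustration, and the `domain logons` rule is an addition based on that parameter being a domain controller setting.

```python
# Added example: flag smb.conf [global] settings that conflict with an
# Active Directory member-server role, following the reply in this thread.

def parse_global(text):
    """Return the [global] parameters of smb.conf text as a dict.

    Samba ignores case and whitespace in parameter names, so names are
    normalised to lowercase with all whitespace removed.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def member_server_findings(params):
    """List the settings that do not fit an AD member server."""
    findings = []
    security = params.get("security", "").lower()
    if security != "ads":
        findings.append("security = %s (reply suggests ads)" % (security or "<unset>"))
    # Not named in the reply: domain logons is a domain controller setting.
    if params.get("domainlogons", "no").lower() in ("yes", "true", "1"):
        findings.append("domain logons = yes (domain controller setting)")
    if params.get("passdbbackend", "").lower().startswith("ldapsam"):
        findings.append("passdb backend = ldapsam (reply: not needed)")
    return findings

# Constructed sample: a shortened copy of the [global] section quoted above.
SAMPLE = """\
[global]
 passdb backend = ldapsam
 security = domain
 realm = server.com
 domain logons = yes
 workgroup = scl
"""

if __name__ == "__main__":
    for finding in member_server_findings(parse_global(SAMPLE)):
        print("WARN:", finding)
```
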