[Samba] Authentication against AD?

Jason Gerfen jason.gerfen at scl.utah.edu
Tue Sep 13 19:16:03 GMT 2005


Dimitri Yioulos wrote:

>On Tuesday 13 September 2005 11:09 am, Jason Gerfen wrote:
>  
>
>>I am having a hard time getting Samba to authenticate correctly
>>against a Windows Active Directory setup.
>>
>>Here is a snap of the smb.conf
>>[global]
>>        passdb backend = ldapsam
>>        security = domain
>>        password server = server1.com server2.com
>>        prefered master = No
>>        local master = no
>>        hide unreadable = yes
>>        wins support = no
>>        winbind use default domain = yes
>>        domain master = No
>>        netbios name = samba-newb
>>        workgroup = scl
>>        prefered master = no
>>        dns proxy = no
>>        idmap uid = 15000-20000
>>        idmap gid = 15000-20000
>>        realm = server.com
>>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>        add machine script = /usr/sbin/useradd  -c Machine -d
>>/var/lib/nobody -s /bin/false %m$
>>        use spnego = yes
>>        server string = samba-newb
>>        update encrypted = yes
>>        domain logons = yes
>>        winbind separator = +
>>        winbind enum users = yes
>>        winbind enum groups = yes
>>        encrypt passwords = yes
>>        os level = 20
>>        template shell = /bin/bash
>>        template homedir = /home/%D/%U
>>
>>[newb]
>>        comment = newb
>>        inherit acls = Yes
>>        path = /usr/local/files/
>>        read only = no
>>        force group = users
>>        force user = users
>>        guest ok = no
>>
>>I can run the net ads join command which works fine, but if I try to
>>authenticate without a local account I am receiving errors.  Any
>>assistance or pointers is appreciated.
>>
>>--
>>Jason Gerfen
>>Student Computing Labs, University Of Utah
>>jason.gerfen at scl.utah.edu
>>
>>J. Willard Marriott Library
>>295 S 1500 E, Salt Lake City, UT 84112-0860
>>801-585-9810
>>
>>"My girlfriend threated to
>> leave me if I went boarding...
>> I will miss her."
>> ~ DIATRIBE aka FBITKK
>>    
>>
>
>Jason,
>
>It looks like your smb.conf is set up more for a Samba PDC than for a member 
>server in a Windows AD.  Are you looking to make your Samba server a member 
>server?  If so:
>
>security = ads
>wins server = ip.of.your.winsserver
>
>I don't believe you need:
>
>passdb backend = ldapsam
>
>Is kerberos installed, and do you have krb5.conf set up properly?
>
>  
>
I removed the passdb backend = ldapsam
Kerberos is installed and the krb5.conf is working as the kinit and 
klist work for gathering the TGTs
I also modified the server to = ads
I don't have a wins server, so that is not configured.

I am still experiencing the same problems with having this work as a 
member server.  Any other tips out there?

>Dimitri
>  
>


-- 
Jason Gerfen

"My girlfriend threated to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK
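
Added example, not part of the original messages and not Samba project code: a small linter that parses the [global] section of an smb.conf and flags the settings the reply above calls out for an AD member server, plus parameters set more than once. The sample config is constructed and abridged from the one quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the [global] settings quoted in the thread.
SAMPLE = """\
[global]
        passdb backend = ldapsam
        security = domain
        prefered master = No
        workgroup = scl
        prefered master = no
        realm = server.com
        domain logons = yes
[newb]
        path = /usr/local/files/
"""

def parse_global(text):
    """Return (settings, duplicate_keys) for the [global] section only."""
    settings, dups, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())  # names are case-insensitive
            if key in settings:
                dups.append(key)
            settings[key] = value
    return settings, dups

def lint_member_server(text):
    """Flag the settings the reply in this thread calls out, plus duplicates."""
    settings, dups = parse_global(text)
    findings = []
    security = settings.get("security", "(unset)").lower()
    if security != "ads":
        findings.append(("security", f"is '{security}', reply suggests 'ads'"))
    if settings.get("passdb backend", "").lower().startswith("ldapsam"):
        findings.append(("passdb backend", "reply says ldapsam is probably not needed"))
    if settings.get("domain logons", "no").lower() in ("yes", "true", "1"):
        findings.append(("domain logons", "domain-controller setting"))
    findings += [(key, "set more than once") for key in dups]
    return findings

if __name__ == "__main__":
    for key, why in lint_member_server(SAMPLE):
        print(f"{key}: {why}")
```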


