[Samba] Re: Authentication against AD?

Jason Gerfen jason.gerfen at scl.utah.edu
Fri Sep 16 17:15:23 GMT 2005


Ernest Keller wrote:
...

>TIA
>
>Ernest
>  
>
I am at a loss here, I cannot map any AD container other than BUILTIN.

Here is some configuration info:

jason at odin-newb:~> testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[odin]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

smb.conf contents:

[global]
        workgroup = domain
        netbios name = samba-box
        server string = samba-box.domain.com
        realm = DOMAIN.COM
        security = ads
        # no kdc errors if I specify a kdc server
        password server = dc.domain.com
        ldap idmap suffix = cn=users,dc=domain,dc=com

        prefered master = no
        local master = no
        domain master = no
        prefered master = no
        domain logons = no

        encrypt passwords = yes
        update encrypted = yes
        password level = 20

        winbind use default domain = yes
        winbind separator = \
        winbind enum users = yes
        winbind enum groups = yes
        idmap uid = 15000-20000
        idmap gid = 15000-20000

        hide unreadable = no
        wins support = no
        dns proxy = no

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        use spnego = yes

        os level = 20
        template shell = /bin/bash
        template homedir = /home/%D/%U
        load printers = no

[odin]
        comment = samba share
        inherit acls = Yes
        path = /usr/local/odin/
        read only = no
        user = @"DOMAIN+domain users"
        force group = users
        force user = users
        guest ok = no

results of net ads join command:

jason at odin-newb:~> sudo net ads join -U Admin at DOMAIN.COM "users"
Admin at SCL.UTAH.EDU's password:
ads_join_realm: organizational unit users does not exist (dn:ou=users,dc=DOMAIN,dc=COM)

output of the wbinfo -g command:

jason at odin-newb:~> sudo wbinfo -g
BUILTIN/system operators
BUILTIN/replicators
BUILTIN/guests
BUILTIN/power users
BUILTIN/print operators
BUILTIN/administrators
BUILTIN/account operators
BUILTIN/backup operators
BUILTIN/users

and output of the wbinfo -u command:

jason at odin-newb:~> sudo wbinfo -u
Error looking up domain users

I have the available services:

jason at odin-newb:~> ps xaf | grep nmbd
 9530 ?        Ss     0:00 /usr/sbin/nmbd -D -s /etc/samba/smb.conf

jason at odin-newb:~> ps xaf | grep smbd
 9658 ?        Ss     0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf
 9681 ?        S      0:00  \_ /usr/sbin/smbd -D -s /etc/samba/smb.conf

jason at odin-newb:~> ps xaf | grep winbindd
 9669 ?        Ss     0:00 /usr/sbin/winbindd -s /etc/samba/smb.conf
 9670 ?        S      0:00  \_ /usr/sbin/winbindd -s /etc/samba/smb.conf

Am I doing something wrong?

...

>>LDAP://server.domain.com/CN=Users,DC=server,DC=domain,DC=com
>>
>>Note the CN=Users, vs. OU=Users, I will go read the RFC to see if I 
>>can get more info on this.
>>    
>>
>
>So, you're not authenticating against ADS?  If you are, are you sure the
>winbind daemon is running?
>
>Dimitri


-- 
Jason Gerfen

"My girlfriend threatened to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK


