[Samba] Re: Authentication against AD?
Jason Gerfen
jason.gerfen at scl.utah.edu
Fri Sep 16 17:15:23 GMT 2005
Ernest Keller wrote:
...
>TIA
>
>Ernest
>
>
I am at a loss here, I cannot map any AD container other than BUILTIN.
Here is some configuration info:
jason at odin-newb:~> testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[odin]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
smb.conf contents:
[global]
workgroup = domain
netbios name = samba-box
server string = samba-box.domain.com
realm = DOMAIN.COM
security = ads
password server = dc.domain.com # no kdc errors if I specify a kdc server
ldap idmap suffix = cn=users,dc=domain,dc=com
prefered master = no
local master = no
domain master = no
prefered master = no
domain logons = no
encrypt passwords = yes
update encrypted = yes
password level = 20
winbind use default domain = yes
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
idmap uid = 15000-20000
idmap gid = 15000-20000
hide unreadable = no
wins support = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
use spnego = yes
os level = 20
template shell = /bin/bash
template homedir = /home/%D/%U
load printers = no
[odin]
comment = samba share
inherit acls = Yes
path = /usr/local/odin/
read only = no
user = @"DOMAIN+domain users"
force group = users
force user = users
guest ok = no
results of net ads join command:
jason at odin-newb:~> sudo net ads join -U Admin at DOMAIN.COM "users"
Admin at SCL.UTAH.EDU's password:
ads_join_realm: organizational unit users does not exist (dn:ou=users,dc=DOMAIN,dc=COM)
output of the wbinfo -g command:
jason at odin-newb:~> sudo wbinfo -g
BUILTIN/system operators
BUILTIN/replicators
BUILTIN/guests
BUILTIN/power users
BUILTIN/print operators
BUILTIN/administrators
BUILTIN/account operators
BUILTIN/backup operators
BUILTIN/users
and output of the wbinfo -u command:
jason at odin-newb:~> sudo wbinfo -u
Error looking up domain users
I have the available services:
jason at odin-newb:~> ps xaf | grep nmbd
9530 ? Ss 0:00 /usr/sbin/nmbd -D -s /etc/samba/smb.conf
jason at odin-newb:~> ps xaf | grep smbd
9658 ? Ss 0:00 /usr/sbin/smbd -D -s /etc/samba/smb.conf
9681 ? S 0:00 \_ /usr/sbin/smbd -D -s /etc/samba/smb.conf
jason at odin-newb:~> ps xaf | grep winbindd
9669 ? Ss 0:00 /usr/sbin/winbindd -s /etc/samba/smb.conf
9670 ? S 0:00 \_ /usr/sbin/winbindd -s /etc/samba/smb.conf
Am I doing something wrong?
...
>>LDAP://server.domain.com/CN=Users,DC=server,DC=domain,DC=com
>>
>>Note the CN=Users, vs. OU=Users, I will go read the RFC to see if I
>>can get more info on this.
>>
>>
>
>So, you're not authenticating against ADS? If you are, are you sure the
>winbind daemon is running?
>
>Dimitri
--
Jason Gerfen
"My girlfriend threatened to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
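Added example (not part of the original message, and not Samba code): a small Python check for the CN=Users vs. OU=Users point raised in the quoted reply. It pulls the DN out of the ads_join_realm error, strips the ADsPath down to its DN, and reports any name that was requested as one object type but exists in the directory as another. The function names are assumptions made for this illustration; the two sample strings are copied from this message.

```python
import re

# Sample inputs copied from the message above.
JOIN_OUTPUT = ("ads_join_realm: organizational unit users does not exist "
               "(dn:ou=users,dc=DOMAIN,dc=COM)")
ADSPATH = "LDAP://server.domain.com/CN=Users,DC=server,DC=domain,DC=com"

def parse_dn(dn):
    """Split a DN into [(attr, value), ...], leftmost RDN first.

    A backslash-escaped comma stays inside its value. Types and values are
    lower-cased: LDAP attribute types are case-insensitive and cn/ou/dc
    values are matched case-insensitively.
    """
    rdns = []
    for part in re.findall(r'(?:\\.|[^,\\])+', dn.strip()):
        attr, sep, value = part.partition('=')
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def dn_from_join_error(output):
    """Return the DN inside an ads_join_realm '(dn:...)' message, or None."""
    m = re.search(r'\(dn:([^)]*)\)', output)
    return m.group(1) if m else None

def dn_from_adspath(path):
    """Strip the 'LDAP://host/' prefix from an ADsPath, leaving the DN."""
    m = re.match(r'ldap://[^/]*/(.+)$', path.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not an LDAP ADsPath: %r" % path)
    return m.group(1)

def type_mismatches(requested_dn, existing_dn):
    """List (value, requested_type, existing_type) for each non-DC RDN whose
    value exists in the directory under a different attribute type."""
    existing = {v: a for a, v in parse_dn(existing_dn) if a != 'dc'}
    return [(v, a, existing[v]) for a, v in parse_dn(requested_dn)
            if a != 'dc' and v in existing and existing[v] != a]

if __name__ == "__main__":
    wanted = dn_from_join_error(JOIN_OUTPUT)
    for value, asked, found in type_mismatches(wanted, dn_from_adspath(ADSPATH)):
        print("'%s' requested as %s= but the directory has %s=%s"
              % (value, asked, found, value))
```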