[Samba] Authenticating Samba against Active Directory

Daniel Catz Daniel.Catz at ivy.ltd.uk
Fri Sep 30 15:58:41 GMT 2005

I trying to authenticate samba 3.0.13 against active directory using my SLES 9 linux box.
I have istalled OpenLDAP, Samba, Kerberos (Heimdal) and PAM. 
I can join my domain, and I can see using "wbinfo -u" the domain users from active directory, but I cannot see them with the "getent passwd"  command.

Can you help me?

The log generated with the "nmbd" is this:

[2005/09/30 16:31:29, 0] nmbd/nmbd.c:main(718)
  Netbios nameserver version 3.0.20 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2004
[2005/09/30 16:31:29, 0] nmbd/nmbd.c:main(737)
  standard input is not a socket, assuming -D option


The log generated with the "winbindd -i -d3" is this:

winbindd version 3.0.20 started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/opt/samba-3.0.13/lib/smb.conf"
Processing section "[global]"
Processing section "[public]"
adding IPC service
adding IPC service
added interface ip= bcast= nmask=
added interface ip= bcast= nmask=
Added domain IVY IVY.LTD.UK S-1-5-21-286760449-2502667932-2086727194
Added domain BUILTIN  S-1-5-32
Added domain TS-IVY-01  S-1-5-21-300931632-1033023069-1792939587
resolve_lmhosts: Attempting lmhosts lookup for name ms-ivy-01.ivy.ltd.uk<0x20>
resolve_wins: Attempting wins lookup for name ms-ivy-01.ivy.ltd.uk<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name ms-ivy-01.ivy.ltd.uk<0x20>
fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable)
fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable)
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=109)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=ms-ivy-01$@IVY.LTD.UK
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Sat, 01 Oct 2005 02:56:18 GMT
lsa_io_sec_qos: length c does not match size 8
[ 4584]: list trusted domains
ads: trusted_domains


The above information is confidential to the addressee and may be privileged. Unauthorised access and use is prohibited. Internet communications are not secure and therefore this Company does not accept legal responsibility for the contents of this message. If you are not the intended recipient, any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The sender does not accept any responsibility for viruses and it is your responsibility to scan the email and any attachments.

More information about the samba mailing list