[Samba] Samba 3 with ADS problem

jasmine mary jselvaraj at tiaa-cref.org
Wed Apr 26 21:24:26 GMT 2006


Hi all,

I have started my work of Samba authentaication usiing AD with Samba 3.0.7,
openldap-2.3.9,kerberos 1.4.3 on Solaris 8.

My first question is can i implement it on Solaris box? because where ever i
see, i could see the document for Linux and Debian.

Let me explain what i did. I compiled the Kerberos and LDAP package first.
After that i compiled the samba package. Samba is compiled successfully with
the support of ADS, LDAP and Kerberos. I came to know this from these
commands

smbd -b | grep LDAP
smbd -b | grep ADS
smbd -b | grep krb
smbd -b | grep winbind

I edited the kerberos file as follows..


[libdefaults]
        default_realm = SE.JASMINE.ORG
        dns_lookup_kdc = true

[realms]
        SE.JASMINE.ORG = {
                kdc = se.jasmine.org
        }

[domain_realm]
        .se.jasmine.org = SE.JASMINE.ORG
[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
            period = 1d
            versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }


se.jasmine.org is the realm name. Server name is alos the same one. It will
5 servers are there for doing fail over.


I joined the samba server with the domain using net ads join. It added
successfully. i can able to get the list of AD users and groups using
wbcinfo -u and -g respectively.


smb.conf file

[global]
        workgroup = SE
        realm = se.jasmine.org
        security = ADS
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        encrypt passwords = yes
        log level = 3
        log file = /var/log/samba/%m

[jasmine]
        path = /home/jselvaraj
        guest ok = Yes

So far everyhitng is good..I am facing the following problems.

1. i couldnt get the getent username/group from AD. It only displays the
local user information.What does it mean? whether isnt it added
succussfully?

2. ./net ads info displays the "Didn't find the ldap server!" error

3. kinit gives this error "kinit: Cannot contact any KDC for requested realm
while getting initial credentials", ebventhough i can ping my samba server
from the windows and the reverse. There is no firewall problem too.

4. Did i need to edit the pam configuration files. Each document gives the
different type of following. I couldnt find the correct steps to implement
it on Solaris.Pls anyone who implemented it give the url u referred.


I dont know what steps i am missing and what to do next.

FYI..In my company they already imlemented this samba with AD. But they
never touched kr5.conf file. Users much be created with AD username to
access the share. It doubles the work. So i am starting the enhancement work
of it but from scratches (ie, compiling the LDAP, Samba,Kerberos)

Please help me out.

















--
View this message in context: http://www.nabble.com/Samba-3-with-ADS-problem-t1514307.html#a4110019
Sent from the Samba - General forum at Nabble.com.



More information about the samba mailing list