[Samba] Trouble getting samba AD integration to work
Jason Haar
Jason.Haar at trimble.co.nz
Fri Dec 8 02:18:03 GMT 2006
soleblazer wrote:
>
> So I think a lot of this is setup. My problem is I cannot get Samba to
> authenticate to AD. When I am logged into a windoze box and try and get to
> a share, the password dialogue comes up. I enter my AD username/password
> and it never works. For the share I made the AD group that I belong to in
> the write list. Do I need to do anything else?
>
I have just been through this myself. Hopefully my experience can help.

First off - shouldn't it be "workgroup = MYDOMAIN", and I see no mention
of winbind - if you expect to control access via AD groups, you'll need
winbind.

Secondly, get rid of the "guest ok" thing. It confuses things during
such debugging. You can always re-enable it after getting the core stuff
working.

Thirdly, stop the winbind and smb services, rejoin the domain and TEST
THE JOIN. I have had several occurrences of joins that appear to
succeed - but didn't. This produced the symptoms you've been seeing.
i.e.

    # stop winbind and smb services
    kinit administrator@MYDOMAIN.COM
    net join
    sleep 10
    net ads testjoin
    # start winbind and smb services

Any errors in the above commands must be fixed before anything works
reliably.

Finally, if you have trusted domains you also want to support (e.g.
allow OTHER\user to connect to your MYDOMAIN Samba shares), make sure
they are all explicitly mentioned within the [realms] section in
/etc/krb5.conf. My thanks to Rashid for that trick.

Good luck. Hope that helps. I just love being able to "chown
domain\\username filename" - freaks the hell out of the Windows Admins ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
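
Added example, not part of the original post: a shell check for the krb5.conf advice above, listing the realms defined in the [realms] section and reporting any required realm that is missing. The realm names OTHER.COM and CHILD.MYDOMAIN.COM, the host names, and the function names are assumptions made for illustration; the sample config is constructed.

```shell
# Print the realm names defined in the [realms] section of krb5.conf file $1.
krb5_realms() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[realms\]/); depth = 0; next }
        insec {
            line = $0
            # a realm entry is "NAME = {" seen outside any other brace block
            if (depth == 0 && line ~ /^[ \t]*[^ \t=]+[ \t]*=[ \t]*[{]/) {
                name = line
                sub(/^[ \t]*/, "", name); sub(/[ \t]*=.*/, "", name)
                print name
            }
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        }
    ' "$1"
}

# Print every realm in $2.. that file $1 does not define; non-zero if any.
missing_realms() {
    conf=$1; shift
    have=$(krb5_realms "$conf")
    rc=0
    for r in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$r" || { echo "$r"; rc=1; }
    done
    return $rc
}

# Constructed sample config: OTHER.COM appears only in a comment.
write_sample_conf() {
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = MYDOMAIN.COM
[realms]
    # OTHER.COM = { kdc = dc1.other.com }
    MYDOMAIN.COM = {
        kdc = dc1.mydomain.com
    }
    CHILD.MYDOMAIN.COM = { kdc = dc1.child.mydomain.com }
[domain_realm]
    .mydomain.com = MYDOMAIN.COM
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
missing_realms "$sample" MYDOMAIN.COM OTHER.COM || echo "add the realms above to [realms]"
rm -f "$sample"
```

Against a real host, call `missing_realms /etc/krb5.conf` followed by the realm of each trusted domain; realm names are matched case-sensitively.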