[Samba] Samba ADS domain member issues
Chris Robinson
chris.robinson at voipsupply.com
Wed Dec 13 00:48:05 GMT 2006
Hi, I am having problems configuring my Centos 4 server as an ADS domain
member of our 2003 AD. I've followed the instructions on samba.org and
did quite a bit of Google'ing and haven't found an answer to the problems.
Basically I used the configuration illustrated in this section of the
howto, and of course a number of other suggestions I've found along the way:
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
Here's some of the details of my config:
rpm -qa | grep samba
samba-common-3.0.10-1.4E
samba-swat-3.0.10-1.4E.9
samba-client-3.0.10-1.4E
samba-3.0.10-1.4E.9
rpm -qa | grep krb5
krb5-libs-1.3.4-33
krb5-devel-1.3.4-33
pam_krb5-2.1.8-1
krb5-workstation-1.3.4-33
What happens is that I am able to join the domain successfully:
net ads join -U Administrator%bVoIPrules2
[2006/12/12 19:16:25, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for development already exists -
modifying old account
Using short domain name -- B2LLC
Joined 'DEVELOPMENT' to realm 'B2LLC.LOCAL'
As far as the tests from the article go:
wbinfo -u, and wbinfo -g seem to work fine
getent passwd and getent group doesn't work as described in the
article. It simply lists my local users.
net ads info and net ads status -UAdministrator% both work fine
When I go to the one of my domain controllers I can see the computer
listed, but when I try to manage it and click on the shares I get a "You
do not have permissions to see the list of shares from Windows clients"
error.
When I try to browse to the machine from one of the computers on the
domain it simply prompts me for a password dialog, and none of the
domain or machine passwords work.
When I check the errors for the IP address of the computer I tried it
from I usually get one of these two errors:
[2006/12/12 17:44:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username B2LLC\crobin01 is invalid on this system
[2006/12/12 17:44:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
Any help would be greatly appreciated. If I've been going down the
wrong path altogether I'm more than happy to RTFM if someone would be so
kind to point me in the right direction. Thank you.
More information about the samba
mailing list