[Samba] Problem using ADS

Dave Jones opensamba.deb at gmail.com
Thu Apr 12 12:04:44 GMT 2007

I have configured samba to authenticate against a windows 2003 AD. There is
no error joining to the domain ..
If I try to access any share using smbclient using an existing user account
from the AD, it returns an error "NT_STATUS_LOGON_FAILURE".
On adding the same user to local machine (/etc/passwd), the smbclient logs
in and displays all information properly.

Is this the usual behavior or did I forget configuring something ?
Dave Jones
Samba version : samba-3.0.25pre2 running on SLES 10

smb.conf :

security = ADS
workgroup = NEWLIFE
idmap gid = 20000-25000
idmap uid = 30000-40000
winbind separator  = +
password server =
use spnego = no
kernel oplocks = no

path = /tmp
writeable = yes

 # ./net ads join -Uadministrator%TesTing123
Using short domain name -- NEWLIFE
Joined 'rhel-4' to realm 'NEWLIFE.COM'

# ./smbclient -k -UNEWLIFE+Administrator%happy123 //
session setup failed: NT_STATUS_LOGON_FAILURE

 # cat /etc/passwd | grep user1

#./smbclient -k -UNEWLIFE+user1%happy //

Domain=[NEWLIFE] OS=[Unix] Server=[Samba 3.0.25pre2]
smb: \>

# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=3.74 ms
64 bytes from icmp_seq=2 ttl=64 time=0.257 ms
64 bytes from icmp_seq=3 ttl=64 time=0.269 ms

--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.257/1.424/3.747/1.642 ms

Thanks in advance.

More information about the samba mailing list