[Samba] Samba ADS domain member issues
Chris Robinson
chris.robinson at voipsupply.com
Fri Jan 12 15:14:59 GMT 2007
This is a repost.
Hi, I am having problems configuring my Centos 4 server as an ADS domain
member of our 2003 AD. I've followed the instructions on samba.org and
did quite a bit of Google'ing and haven't found an answer to the problems.
Basically I used the configuration illustrated in this section of the
howto, and of course a number of other suggestions I've found along the way:
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
Here's the installed software versions:
rpm -qa | grep samba
samba-common-3.0.10-1.4E
samba-swat-3.0.10-1.4E.9
samba-client-3.0.10-1.4E
samba-3.0.10-1.4E.9
rpm -qa | grep krb5
krb5-libs-1.3.4-33
krb5-devel-1.3.4-33
pam_krb5-2.1.8-1
krb5-workstation-1.3.4-33
What happens is that I am able to join the domain successfully:
net ads join -U Administrator%pass
[2006/12/12 19:16:25, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for development already exists -
modifying old account
Using short domain name -- B2LLC
Joined 'DEVELOPMENT' to realm 'B2LLC.LOCAL'
As far as the tests from the article go:
*wbinfo -u, and wbinfo -g seem to work fine
*getent passwd and getent group doesn't work as described in the
article. It simply lists my local users. I have gotten it to work by
modifying krb5.conf, but I can't seem to find the magic configuration
for that as it seems to be touch and go.
*net ads info and net ads status -UAdministrator% both work fine
*When I go to the one of my domain controllers I can see the computer
listed, but when I try to manage it and click on the shares I get a "You
do not have permissions to see the list of shares from Windows clients"
error.
*When I try to browse to the machine from one of the computers on the
domain it simply prompts me for a password dialog, and none of the
domain or machine passwords work.
*When I check the errors for the IP address of the computer I tried it
from I usually get one of these two errors:
[2006/12/12 17:44:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username B2LLC\crobin01 is invalid on this system
[2006/12/12 17:44:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
I've tried the exact same configuration files on multiple machines and I
seem to get different results depending on the server even though they
all run Centos 4 (although there could be some dot level version
differences, I do use their most updated Samba and Kerberos packages).
I have one machine that the config files are actually working on,
although the rights don't work the way I would expect them to work...not
a big deal though for my needs.
Any help would be greatly appreciated. If I've been going down the
wrong path altogether I'm more than happy to RTFM if someone would be so
kind to point me in the right direction. Thanks very much for any
assistance.
More information about the samba
mailing list