R: [Samba] cannot autenticate user in AD

Gianluca Culot gianlucaculot at dmsware.com
Thu Jul 12 07:40:06 GMT 2007 

 

> -----Messaggio originale-----
> Da: samba-bounces+gianlucaculot=dmsware.com at lists.samba.org 
> [mailto:samba-bounces+gianlucaculot=dmsware.com at lists.samba.or
> g] Per conto di Roberto Lizana
> Inviato: mercoledì 11 luglio 2007 13.26
> A: samba at lists.samba.org
> Oggetto: [Samba] cannot autenticate user in AD
> 
> I have configured samba like member of AD, if i type in 
> console 'wbinfo -u' y get all user of my AD, if type in 
> console 'wbinfo -g' y get all groups too. It's correct but if 
> i type 'getent passwd' or 'getent group'
> don't get any user or group of my AD... why???
> 
> * in nsswitch.conf appears:
> passws:   files winbind
> group:   files winbind
> shadow: files winbind
> 
> i execute ldconfig for apply all changes of nsswitch.conf
> 
> i have libnss_winbind.so and libnss_winbind.so.2 in /lib
> 
> * smbd version is 3.0.25b and i compile this with arguments:
> --with-winbind --with-krb5=/usr/lib --with-ads
> 
> * smb.conf:
> workgroup = DOMAIN
> realm = DOMAIN.INT
> netbios name = samba1
> preferred master = no
> client schannel = no
> security = ADS
> password server = *
> idmap uid = 10000-250000
> idmap gid = 10000-250000
> winbind uid = 10000-250000
> winbind gid = 10000-250000
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> 
> 
> * klist
> Default principal: administrator at DOMAIN.INT
> 
> Valid starting     Expires            Service principal
> 07/11/07 12:26:17  07/11/07 22:26:18  krbtgt/DOMAIN.INT at DOMAIN.INT
>        renew until 07/12/07 12:26:17
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

Hello Roberto

I'm not a Samba Expert, so ... Make backups before trying what I suggest :D

I don't like two settings in your smb.conf
password server = *	>>> I'd specify an address or a name which CAN be
sonved by DNS
winbind separator = +	>>> YOU REALLY SURE ?	I'd suppress this with a
comment #

Hope this helps
Be well
Gianluca

More information about the samba mailing list