[Samba] AD Integrated authentication

Urs Golla urs.golla at gmail.com
Tue Jun 5 20:18:58 GMT 2007 

I think, I know how you feel :-)

It seems as if the winbind stuff is not properly configured. I think
you should post your smb.conf and nsswitch.conf.

cheers



On 5/28/07, Michael Cleghorn <michaelc at rmt.com.au> wrote:
>
> Hello list,
>
> i'm going to try very hard not to rant here, but i've been trying to get Samba working for 3 days, and it's just not happening.  Let me start from the beginning.  i'm just a lowly Windows admin but i've been doing this for 10 years, so i'm pretty sure i know what i'm doing (present situation excepted, clearly).  i've got RedHat AS4 and a primarily Windows 2000 domain.  i want to be able to transparently browse to the shares on the RH server from a Windows client without having to authenticate again, which is exactly what the AD integrated authentication is for, right?
>
> If i do "wbinfo -u" i get a list of AD objects, but without the AD domain name prepended which is my first clue that something isn't right.  If i do "wbinfo -a username%password" both plaintext and challenge response authentication work.  If i do "getent passwd" i get only local usernames.  Same for "getent group" except i get local groups, obviously.  From everything i've read in the man pages and god only know how many online troubleshooting and/or help docs, this just doesn't happen.  Everything that mentions using wbinfo and getent for testing just says "and you can try this and oh, look it works".  i'm paraphrasing slightly.
>
> i have joined the RH server to the domain.  i can get a Kerberos ticket issued if i want one.  i have been through smb.conf, nsswitch.conf and /etc/pam.d so often, i no longer remember what my originals looked like.  i'm happy to post excerpts from any or all of these of they will help (i'm not going to do it now in case 1 - it's an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - to keep things relatively short).  The logs have been less than ideally helpful since i already know that authentication isn't working... somewhere.
>
> Can someone help?  Please?
>
> m.
>
>
> Michael Cleghorn
> System & Network Administrator
>
> Risk Management Technologies
> 5 Ventnor Avenue
> West Perth  WA  6005
> AUSTRALIA
>
> Tel: +61 8 9322 1711
> Fax: +61 8 9322 1794
>
> Web: www.rmt.com.au
>
> Please Note: The contents of this e-mail transmission are intended solely for the named recipients and may be confidential, privileged, or otherwise protected from disclosure in the public interest. The use, reproduction, disclosure, or distribution of the contents of this e-mail transmission by any person other than the named recipients is expressly prohibited. If you are not a named recipient please notify the sender immediately.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list