[Samba] AD Integrated authentication

Aaron Kincer kincera at gmail.com
Tue Jun 5 20:32:25 GMT 2007

Here's a how-to I wrote for Samba 3.0.22 on Ubuntu 6.06/6.10 from which 
you might draw inspiration and compare settings to see if there's 
something you're missing. I need to update for 3.0.24. There are some 
things different now.


Hope that helps.

Aaron Kincer

Michael Cleghorn wrote:
> Hello list,
> i'm going to try very hard not to rant here, but i've been trying to get Samba working for 3 days, and it's just not happening.  Let me start from the beginning.  i'm just a lowly Windows admin but i've been doing this for 10 years, so i'm pretty sure i know what i'm doing (present situation excepted, clearly).  i've got RedHat AS4 and a primarily Windows 2000 domain.  i want to be able to transparently browse to the shares on the RH server from a Windows client without having to authenticate again, which is exactly what the AD integrated authentication is for, right?
> If i do "wbinfo -u" i get a list of AD objects, but without the AD domain name prepended which is my first clue that something isn't right.  If i do "wbinfo -a username%password" both plaintext and challenge response authentication work.  If i do "getent passwd" i get only local usernames.  Same for "getent group" except i get local groups, obviously.  From everything i've read in the man pages and god only know how many online troubleshooting and/or help docs, this just doesn't happen.  Everything that mentions using wbinfo and getent for testing just says "and you can try this and oh, look it works".  i'm paraphrasing slightly.
> i have joined the RH server to the domain.  i can get a Kerberos ticket issued if i want one.  i have been through smb.conf, nsswitch.conf and /etc/pam.d so often, i no longer remember what my originals looked like.  i'm happy to post excerpts from any or all of these of they will help (i'm not going to do it now in case 1 - it's an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - to keep things relatively short).  The logs have been less than ideally helpful since i already know that authentication isn't working... somewhere.
> Can someone help?  Please?
> m.
> Michael Cleghorn
> System & Network Administrator
> Risk Management Technologies
> 5 Ventnor Avenue
> West Perth  WA  6005
> Tel: +61 8 9322 1711
> Fax: +61 8 9322 1794
> Web: www.rmt.com.au
> Please Note: The contents of this e-mail transmission are intended solely for the named recipients and may be confidential, privileged, or otherwise protected from disclosure in the public interest. The use, reproduction, disclosure, or distribution of the contents of this e-mail transmission by any person other than the named recipients is expressly prohibited. If you are not a named recipient please notify the sender immediately.

More information about the samba mailing list