[Samba] AD Integrated authentication
mksmith at adhost.com
Tue Jun 5 20:50:27 GMT 2007
On May 28, 2007, at 2:31 AM, Michael Cleghorn wrote:
> Hello list,
> i'm going to try very hard not to rant here, but i've been trying
> to get Samba working for 3 days, and it's just not happening. Let
> me start from the beginning. i'm just a lowly Windows admin but
> i've been doing this for 10 years, so i'm pretty sure i know what
> i'm doing (present situation excepted, clearly). i've got RedHat
> AS4 and a primarily Windows 2000 domain. i want to be able to
> transparently browse to the shares on the RH server from a Windows
> client without having to authenticate again, which is exactly what
> the AD integrated authentication is for, right?
> If i do "wbinfo -u" i get a list of AD objects, but without the AD
> domain name prepended which is my first clue that something isn't
> right. If i do "wbinfo -a username%password" both plaintext and
> challenge response authentication work. If i do "getent passwd" i
> get only local usernames. Same for "getent group" except i get
> local groups, obviously. From everything i've read in the man
> pages and god only know how many online troubleshooting and/or help
> docs, this just doesn't happen. Everything that mentions using
> wbinfo and getent for testing just says "and you can try this and
> oh, look it works". i'm paraphrasing slightly.
> i have joined the RH server to the domain. i can get a Kerberos
> ticket issued if i want one. i have been through smb.conf,
> nsswitch.conf and /etc/pam.d so often, i no longer remember what my
> originals looked like. i'm happy to post excerpts from any or all
> of these of they will help (i'm not going to do it now in case 1 -
> it's an easy fix, in which case i'm not sure if i'll laugh or cry
> and 2 - to keep things relatively short). The logs have been less
> than ideally helpful since i already know that authentication isn't
> working... somewhere.
> Can someone help? Please?
Would you post the following (sanitized, of course).
/pam.d/<whatever services you want authenticated>
More information about the samba