[Samba] AD Integrated authentication

Michael Smith mksmith at adhost.com
Tue Jun 5 20:50:27 GMT 2007 

Hello Michael:

On May 28, 2007, at 2:31 AM, Michael Cleghorn wrote:

>
> Hello list,
>
> i'm going to try very hard not to rant here, but i've been trying  
> to get Samba working for 3 days, and it's just not happening.  Let  
> me start from the beginning.  i'm just a lowly Windows admin but  
> i've been doing this for 10 years, so i'm pretty sure i know what  
> i'm doing (present situation excepted, clearly).  i've got RedHat  
> AS4 and a primarily Windows 2000 domain.  i want to be able to  
> transparently browse to the shares on the RH server from a Windows  
> client without having to authenticate again, which is exactly what  
> the AD integrated authentication is for, right?
>
> If i do "wbinfo -u" i get a list of AD objects, but without the AD  
> domain name prepended which is my first clue that something isn't  
> right.  If i do "wbinfo -a username%password" both plaintext and  
> challenge response authentication work.  If i do "getent passwd" i  
> get only local usernames.  Same for "getent group" except i get  
> local groups, obviously.  From everything i've read in the man  
> pages and god only know how many online troubleshooting and/or help  
> docs, this just doesn't happen.  Everything that mentions using  
> wbinfo and getent for testing just says "and you can try this and  
> oh, look it works".  i'm paraphrasing slightly.
>
> i have joined the RH server to the domain.  i can get a Kerberos  
> ticket issued if i want one.  i have been through smb.conf,  
> nsswitch.conf and /etc/pam.d so often, i no longer remember what my  
> originals looked like.  i'm happy to post excerpts from any or all  
> of these of they will help (i'm not going to do it now in case 1 -  
> it's an easy fix, in which case i'm not sure if i'll laugh or cry  
> and 2 - to keep things relatively short).  The logs have been less  
> than ideally helpful since i already know that authentication isn't  
> working... somewhere.
>
> Can someone help?  Please?
>
<sig snip>

Would you post the following (sanitized, of course).

smb.conf
nsswitch.conf
krb5.conf
resolv.conf
/pam.d/<whatever services you want authenticated>

Regards,

Mike

More information about the samba mailing list