[Samba] AD Integrated authentication

Miguel Gonzalez Castaños miguel_3_gonzalez at yahoo.es
Tue Jun 5 21:14:35 GMT 2007 

I think you should be aware that some changes on Debian (and therefore 
Ubuntu packages) has been going on in etch (current stable). I don't 
know in terms of RH, but at least in my case, ADS didn't work. I have to 
test the new packages that has been posted on the samba website and will 
be included soon on stable branch of Debian

Just to point out that might be something broken

Miguel

Michael Smith escribió:
> Hello Michael:
>
> On May 28, 2007, at 2:31 AM, Michael Cleghorn wrote:
>
>>
>> Hello list,
>>
>> i'm going to try very hard not to rant here, but i've been trying to 
>> get Samba working for 3 days, and it's just not happening.  Let me 
>> start from the beginning.  i'm just a lowly Windows admin but i've 
>> been doing this for 10 years, so i'm pretty sure i know what i'm 
>> doing (present situation excepted, clearly).  i've got RedHat AS4 and 
>> a primarily Windows 2000 domain.  i want to be able to transparently 
>> browse to the shares on the RH server from a Windows client without 
>> having to authenticate again, which is exactly what the AD integrated 
>> authentication is for, right?
>>
>> If i do "wbinfo -u" i get a list of AD objects, but without the AD 
>> domain name prepended which is my first clue that something isn't 
>> right.  If i do "wbinfo -a username%password" both plaintext and 
>> challenge response authentication work.  If i do "getent passwd" i 
>> get only local usernames.  Same for "getent group" except i get local 
>> groups, obviously.  From everything i've read in the man pages and 
>> god only know how many online troubleshooting and/or help docs, this 
>> just doesn't happen.  Everything that mentions using wbinfo and 
>> getent for testing just says "and you can try this and oh, look it 
>> works".  i'm paraphrasing slightly.
>>
>> i have joined the RH server to the domain.  i can get a Kerberos 
>> ticket issued if i want one.  i have been through smb.conf, 
>> nsswitch.conf and /etc/pam.d so often, i no longer remember what my 
>> originals looked like.  i'm happy to post excerpts from any or all of 
>> these of they will help (i'm not going to do it now in case 1 - it's 
>> an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - 
>> to keep things relatively short).  The logs have been less than 
>> ideally helpful since i already know that authentication isn't 
>> working... somewhere.
>>
>> Can someone help?  Please?
>>
> <sig snip>
>
> Would you post the following (sanitized, of course).
>
> smb.conf
> nsswitch.conf
> krb5.conf
> resolv.conf
> /pam.d/<whatever services you want authenticated>
>
> Regards,
>
> Mike
>
>
> --To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list