[Samba] AD Integrated authentication
kincera at gmail.com
Tue Jun 5 21:26:26 GMT 2007
I've been running the latest Ubuntu (3.0.24) packages on Feisty for a
few weeks and only have seen issues with acls and extended attributes.
After I figured out the recipe to get over that hump, it runs fine
integrated into native AD on Server 2003. What seems to be your problem?
Miguel Gonzalez Castaños wrote:
> I think you should be aware that some changes on Debian (and therefore
> Ubuntu packages) has been going on in etch (current stable). I don't
> know in terms of RH, but at least in my case, ADS didn't work. I have
> to test the new packages that has been posted on the samba website and
> will be included soon on stable branch of Debian
> Just to point out that might be something broken
> Michael Smith escribió:
>> Hello Michael:
>> On May 28, 2007, at 2:31 AM, Michael Cleghorn wrote:
>>> Hello list,
>>> i'm going to try very hard not to rant here, but i've been trying to
>>> get Samba working for 3 days, and it's just not happening. Let me
>>> start from the beginning. i'm just a lowly Windows admin but i've
>>> been doing this for 10 years, so i'm pretty sure i know what i'm
>>> doing (present situation excepted, clearly). i've got RedHat AS4
>>> and a primarily Windows 2000 domain. i want to be able to
>>> transparently browse to the shares on the RH server from a Windows
>>> client without having to authenticate again, which is exactly what
>>> the AD integrated authentication is for, right?
>>> If i do "wbinfo -u" i get a list of AD objects, but without the AD
>>> domain name prepended which is my first clue that something isn't
>>> right. If i do "wbinfo -a username%password" both plaintext and
>>> challenge response authentication work. If i do "getent passwd" i
>>> get only local usernames. Same for "getent group" except i get
>>> local groups, obviously. From everything i've read in the man pages
>>> and god only know how many online troubleshooting and/or help docs,
>>> this just doesn't happen. Everything that mentions using wbinfo and
>>> getent for testing just says "and you can try this and oh, look it
>>> works". i'm paraphrasing slightly.
>>> i have joined the RH server to the domain. i can get a Kerberos
>>> ticket issued if i want one. i have been through smb.conf,
>>> nsswitch.conf and /etc/pam.d so often, i no longer remember what my
>>> originals looked like. i'm happy to post excerpts from any or all
>>> of these of they will help (i'm not going to do it now in case 1 -
>>> it's an easy fix, in which case i'm not sure if i'll laugh or cry
>>> and 2 - to keep things relatively short). The logs have been less
>>> than ideally helpful since i already know that authentication isn't
>>> working... somewhere.
>>> Can someone help? Please?
>> <sig snip>
>> Would you post the following (sanitized, of course).
>> /pam.d/<whatever services you want authenticated>
>> --To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba