[Samba] AD Integrated authentication

Aaron Kincer kincera at gmail.com
Tue Jun 5 21:26:26 GMT 2007

I've been running the latest Ubuntu (3.0.24) packages on Feisty for a 
few weeks and only have seen issues with acls and extended attributes. 
After I figured out the recipe to get over that hump, it runs fine 
integrated into native AD on Server 2003. What seems to be your problem?

Miguel Gonzalez Castaños wrote:
> I think you should be aware that some changes on Debian (and therefore 
> Ubuntu packages) has been going on in etch (current stable). I don't 
> know in terms of RH, but at least in my case, ADS didn't work. I have 
> to test the new packages that has been posted on the samba website and 
> will be included soon on stable branch of Debian
> Just to point out that might be something broken
> Miguel
> Michael Smith escribió:
>> Hello Michael:
>> On May 28, 2007, at 2:31 AM, Michael Cleghorn wrote:
>>> Hello list,
>>> i'm going to try very hard not to rant here, but i've been trying to 
>>> get Samba working for 3 days, and it's just not happening.  Let me 
>>> start from the beginning.  i'm just a lowly Windows admin but i've 
>>> been doing this for 10 years, so i'm pretty sure i know what i'm 
>>> doing (present situation excepted, clearly).  i've got RedHat AS4 
>>> and a primarily Windows 2000 domain.  i want to be able to 
>>> transparently browse to the shares on the RH server from a Windows 
>>> client without having to authenticate again, which is exactly what 
>>> the AD integrated authentication is for, right?
>>> If i do "wbinfo -u" i get a list of AD objects, but without the AD 
>>> domain name prepended which is my first clue that something isn't 
>>> right.  If i do "wbinfo -a username%password" both plaintext and 
>>> challenge response authentication work.  If i do "getent passwd" i 
>>> get only local usernames.  Same for "getent group" except i get 
>>> local groups, obviously.  From everything i've read in the man pages 
>>> and god only know how many online troubleshooting and/or help docs, 
>>> this just doesn't happen.  Everything that mentions using wbinfo and 
>>> getent for testing just says "and you can try this and oh, look it 
>>> works".  i'm paraphrasing slightly.
>>> i have joined the RH server to the domain.  i can get a Kerberos 
>>> ticket issued if i want one.  i have been through smb.conf, 
>>> nsswitch.conf and /etc/pam.d so often, i no longer remember what my 
>>> originals looked like.  i'm happy to post excerpts from any or all 
>>> of these of they will help (i'm not going to do it now in case 1 - 
>>> it's an easy fix, in which case i'm not sure if i'll laugh or cry 
>>> and 2 - to keep things relatively short).  The logs have been less 
>>> than ideally helpful since i already know that authentication isn't 
>>> working... somewhere.
>>> Can someone help?  Please?
>> <sig snip>
>> Would you post the following (sanitized, of course).
>> smb.conf
>> nsswitch.conf
>> krb5.conf
>> resolv.conf
>> /pam.d/<whatever services you want authenticated>
>> Regards,
>> Mike
>> --To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list