[Samba] AD Integrated authentication
michaelc at rmt.com.au
Mon May 28 09:44:30 GMT 2007
i'm going to try very hard not to rant here, but i've been trying to get Samba working for 3 days, and it's just not happening. Let me start from the beginning. i'm just a lowly Windows admin but i've been doing this for 10 years, so i'm pretty sure i know what i'm doing (present situation excepted, clearly). i've got RedHat AS4 and a primarily Windows 2000 domain. i want to be able to transparently browse to the shares on the RH server from a Windows client without having to authenticate again, which is exactly what the AD integrated authentication is for, right?
If i do "wbinfo -u" i get a list of AD objects, but without the AD domain name prepended which is my first clue that something isn't right. If i do "wbinfo -a username%password" both plaintext and challenge response authentication work. If i do "getent passwd" i get only local usernames. Same for "getent group" except i get local groups, obviously. From everything i've read in the man pages and god only knows how many online troubleshooting and/or help docs, this just doesn't happen. Everything that mentions using wbinfo and getent for testing just says "and you can try this and oh, look it works". i'm paraphrasing slightly.
i have joined the RH server to the domain. i can get a Kerberos ticket issued if i want one. i have been through smb.conf, nsswitch.conf and /etc/pam.d so often, i no longer remember what my originals looked like. i'm happy to post excerpts from any or all of these if they will help (i'm not going to do it now in case 1 - it's an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - to keep things relatively short). The logs have been less than ideally helpful since i already know that authentication isn't working... somewhere.
Can someone help? Please?
System & Network Administrator
Risk Management Technologies
5 Ventnor Avenue
West Perth WA 6005
Tel: +61 8 9322 1711
Fax: +61 8 9322 1794