[Samba] Issue with Samba 3.0.28a and Active Directory

Fri Apr 4 16:59:06 GMT 2008

Hi all,

1.  We are using Linux kernel 2.6.20.11 64-bit and Samba 3.0.28a

2.  We are trying to connect from this linux machine to a Windows ADS 
running on a separate Windows 2003 system (WINADS machine).

3.  Though we are able to retrieve the name of the WINADS machine from 
linux (We see the name of the  machine in samba log file), we are 
unable to access any of the users in the WINADS machine.

4.  The following is our smb.conf file

[global]
        preservecase              = yes
        log file                  = /var/log/samba/%m
        read raw                  = yes
        write raw                 = yes
        idmap gid                 = 600-20000
        socket options            = TCP_NODELAY IPTOS_LOWDELAY
        wins server               = 192.168.0.30
        encrypt passwords         = yes
        hosts allow               = 192.168.0.65
        realm                     = TESTADS.NET
        winbind use default domain = Yes
        level2 oplocks            = true
        max xmit                  = 65535
        template shell            = /bin/bash
        casesensitive             = yes
        Security                  = ads
        netbios name              = TESTNETBIOS
        oplocks                   = yes
        write cache size          = 262144
        server string             = tom
        idmap uid                 = 600-20000
        winbind enum users        = Yes
        winbind nested groups     = Yes
        defaultcase               = lower
        shortpreservecase         = yes
        workgroup                 = TESTWORKGROUP
        winbind enum groups       = Yes
        security                  = ads
        preferred master          = no
        max log size              = 50
        log level                 = 3
        password server          = 192.168.0.30

5.  The following is our lmhosts file

               127.0.0.1 localhost
               192.18.0.30 sridharg.TESTADS.NET

6.  The following is our KRB5.conf file

               [libdefaults]
               ticket_lifetime           = 24h
               forwardable               = yes
               default_realm             = TESTADS.NET
               dns_lookup_kdc            = false
               dns_lookup_realm          = false

               [logging]
               admin_server              = FILE:/var/log/kadmind.log
               default                   = FILE:/var/log/krb5libs.log
               kdc                       = FILE:/var/log/krb5kdc.log

               [realms]
               TESTADS.NET = {
               kdc = sridharg.TESTADS.NET
               admin_server =sridharg.TESTADS.NET
               default_domain = TESTADS.NET
               }

               [domain_realm]
               TESTADS.NET =TESTADS.NET
               .TESTADS.NET =TESTADS.NET

               [appdefaults]
               pam = {
               debug = false
                              ticket_lifetime = 36000
                              renew_lifetime = 36000
                              forwardable = true
               krb4_convert = false
               }

               [kdc]
               profile     = /var/kerberos/krb5kdc/kdc.conf

7.  We started smbd and nmbd service

8.  When we enter "net ads join -U sridharg at TESTADS.NET ", we are 
prompted to enter the password.

               "sridharg at TESTADS.NET's password:  "

9.  After entering the password of sridharg (available on TESTADS.NET), 
we are getting the following error .

               "Failed to join domain: Operations error" .

Your assistance is greatly appreciated. thanks!

-Thomas