[Samba] ADS Trouble authorizing users.
Chris Bolton
cbolton at rarr.org.uk
Thu Aug 28 12:55:34 GMT 2008
Hi all,
I've set up a CentOS machine with samba version 3.0.28-1.el5_2.1 to join a
Windows 2003 ADS. Everything seemed to go fine while joining the domain:
[root at mailserver ~]# net ads join -U administrator
administrator's password:
Using short domain name -- MYDOMAIN
Joined 'MAILSERVER' to realm 'MYDOMAIN.LOCAL'
The trouble I'm having is authorizing users.
When connecting to the CentOS machine from a Windows XP machine it pops up
a username and password dialog. Entering in my details just pops it up
again as it would if I'd entered them incorrectly. Nothing is recorded in
the logs on the CentOS machine (either in /var/log/messages or
/var/log/samba/smbd.log) and I am unable to proceed.
If I try a username in the dialog box that does not exist on the domain I
get an error in /var/log/messages:
Aug 28 12:58:06 mailserver smbd[23786]: [2008/08/28 12:58:06, 0] auth/auth_domain.c:domain_client_validate(260)
Aug 28 12:58:06 mailserver smbd[23786]: domain_client_validate: unable to validate password for user dave in domain MYDOMAIN to Domain controller MANS01.MYDOMAIN.LOCAL. Error was NT_STATUS_NO_SUCH_USER.
I'm guessing it's a problem with the way the CentOS machine is passing on the
logon details but without an error message I'm a bit stuck. Any help would
be gratefully received.
Cheers.
Config files below:
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
MYDOMAIN.LOCAL = {
kdc = mans01
admin_server = mans01
default_domain = mydomain.local
}
[domain_realm]
.mydomain.local = MYDOMAIN.LOCAL
mydomain.local = MYDOMAIN.LOCAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/etc/samba/smb.conf
[global]
workgroup = MYDOMAIN
netbios name = mailserver
server string = Samba Server 3.0
security = ads
realm = MYDOMAIN.LOCAL
password server = mans01
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
#============================ Share Definitions ==============================
[public]
comment = Share
path = /home/public
public = yes
writable = yes
printable = no