[Samba] Samba authentication using ADS

Prashanth Adiyodi prashanth.adiyodi at roamware.com
Wed Oct 1 13:42:02 GMT 2008



I need help in setting up my linux box with ADS authentication on Samba.
I know that it can be done using winbind and Kerberos. I tried some of
the online methods but I am not able to get a result.


Request you to please help me with this.


These are the steps I followed to setup winbind


*	Using Authconfig command I put in the relavant details like "Use
Winbind" and Use "Winbind Authentication" and left "Cache Information",
"Use MD5 Passwords" and "Use Shadow Passwords" selected
*	Then I put details about the domain with authentication.


*	I placed entries in /etc/nssswitch as 

passwd:     files winbind

shadow:     files winbind

group:      files winbind



This is the output I get 


[2008/10/01 18:27:56, 0] libads/kerberos.c:ads_kinit_password(146)

  kerberos_kinit_password Administrator at EXAMPLE.COM failed: Cannot find
KDC for requested realm

[2008/10/01 18:27:56, 0] utils/net_ads.c:ads_startup(186)

  ads_connect: Cannot find KDC for requested realm

[2008/10/01 18:27:56, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451)

  cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine
ads.example.com.  Error was NT_STATUS_ACCESS_DENIED

could not initialise lsa pipe

could not obtain sid for domain


Shutting down Winbind services:                            [FAILED]

Starting Winbind services:                                 [  OK  ]


Please help me as to what is going wrong. Appreciate if any members
could help me out in configuring using Kerberos. Here also I edited the
krb5.conf, krb.conf and krb.realm with the correct parameters but stll
am not able to get a solution.


Thanking you 


Prashanth Adiyodi
System Administrator

Roamware (I) Pvt. Ltd.
7th Floor, Sigma, Hiranandani Gardens
Technology Street, Powai, 
Mumbai-400 076
Tel: 40406000 Ext: 6124
GSM: 91-9833377712

www.roamware.com <http://www.roamware.com> 
"The information contained herein may include confidential or privileged
information and is intended solely for the recipient(s) noted above. If
you receive this e-mail in error, please respond to the sender and
delete the e-mail. Any dissemination of this e-mail or the information
contained in this e-mail or attachments to unintended parties is



More information about the samba mailing list