[Samba] Samba authentication using ADS
prashanth.adiyodi at roamware.com
Wed Oct 1 13:42:02 GMT 2008
I need help in setting up my linux box with ADS authentication on Samba.
I know that it can be done using winbind and Kerberos. I tried some of
the online methods but I am not able to get a result.
Request you to please help me with this.
These are the steps I followed to setup winbind
* Using Authconfig command I put in the relavant details like "Use
Winbind" and Use "Winbind Authentication" and left "Cache Information",
"Use MD5 Passwords" and "Use Shadow Passwords" selected
* Then I put details about the domain with authentication.
* I placed entries in /etc/nssswitch as
passwd: files winbind
shadow: files winbind
group: files winbind
This is the output I get
[2008/10/01 18:27:56, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password Administrator at EXAMPLE.COM failed: Cannot find
KDC for requested realm
[2008/10/01 18:27:56, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Cannot find KDC for requested realm
[2008/10/01 18:27:56, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451)
cli_nt_session_open: cli_nt_create failed on pipe \lsarpc to machine
ads.example.com. Error was NT_STATUS_ACCESS_DENIED
could not initialise lsa pipe
could not obtain sid for domain
Shutting down Winbind services: [FAILED]
Starting Winbind services: [ OK ]
Please help me as to what is going wrong. Appreciate if any members
could help me out in configuring using Kerberos. Here also I edited the
krb5.conf, krb.conf and krb.realm with the correct parameters but stll
am not able to get a solution.
Roamware (I) Pvt. Ltd.
7th Floor, Sigma, Hiranandani Gardens
Technology Street, Powai,
Tel: 40406000 Ext: 6124
"The information contained herein may include confidential or privileged
information and is intended solely for the recipient(s) noted above. If
you receive this e-mail in error, please respond to the sender and
delete the e-mail. Any dissemination of this e-mail or the information
contained in this e-mail or attachments to unintended parties is
More information about the samba