[Samba] ubuntu, samba and users autheticated over AD

Gabriel Petrescu gabrielescu at gmail.com
Mon Jun 22 14:49:21 GMT 2009


hy:)

As i a first conclusion, there are several issues:

- to make samba to authenticate users agains a AD there are several how to's

based on the linux distribution there are different packages which need to
be installed.

also the settings are different based on how to.

one of my main questions is.. what you install and configure:

kerberos, samba, samba common, winbind comes with samba

edit the config files for:

kerberos, samba, nsswitch

chech the time is sincronised.

is important when you config the files and put samba in AD samba and winbind
to be stoped?

putting together info from several how to's theoretically i should't have
any problem, but i have.

the errors are:
Jun 22 13:54:13 file-server su[4443]: pam_unix(su:session): unrecognized
option [pam_mkhomedir.so]
Jun 22 13:54:13 file-server su[4443]: pam_unix(su:session): unrecognized
option [umask=0022]
Jun 22 13:54:13 file-server su[4443]: pam_unix(su:session): unrecognized
option [skel=/etc]
Jun 22 13:54:13 file-server su[4443]: pam_unix(su:session): session opened
for user root by cristian(uid=0)


Jun 22 13:45:05 file-server smbd[4333]: nss_ldap: failed to bind to LDAP
server ldap://127.0.0.1: Invalid credentials
Jun 22 13:45:05 file-server smbd[4333]: nss_ldap: could not search LDAP
server - Server is unavailable
Jun 22 13:47:00 file-server nss_wins[4424]: pam_smbpass(sshd:auth):
unrecognized option [missingok]
Jun 22 13:47:00 file-server nss_wins[4424]: pam_winbind(sshd:auth): getting
password (0x00000000)
Jun 22 13:47:00 file-server nss_wins[4424]: pam_winbind(sshd:auth): request
failed: Access denied, PAM error was System error (4), NT error was
NT_STATUS_ACCESS_DENIED

[2009/06/22 13:19:06, 0]
rpc_client/cli_pipe.c:get_schannel_session_key_common(2445)
  get_schannel_session_key: could not fetch trust account password for
domain 'MYDOMAIN'
[2009/06/22 13:19:06, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server
SERVER.MYDOMAIN.LOCAL for domain MYDOMAIN.
[2009/06/22 13:19:06, 0]
auth/auth_domain.c:connect_to_domain_password_server(119)
  connect_to_domain_password_server: unable to open the domain client
session to machine SERVER.MYDOMAIN.LOCAL. Error was :
NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2009/06/22 13:19:06, 0] auth/auth_domain.c:domain_client_validate(220)
  domain_client_validate: Domain password server not available.


I appreciate, any, help, ideea:)

Thanks:)

Gabi

On Mon, Jun 22, 2009 at 3:36 PM, Helmut Hullen <Hullen at t-online.de> wrote:

> Hallo, Volker,
>
> Du meintest am 22.06.09:
>
> > Try to give your host a fully qualified domain name. The
> > output of "hostname" and "hostname -f" must differ.
>
> That depends.
> My slackware "hostname" (from the tcpip package or the util-linux
> package) shows the same when I type "hostname -f" or "hostname", I get
> the short version with "hostname -s".
>
> Viele Gruesse!
> Helmut
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list