[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS

Jonathan Petersson jpetersson at garnser.se
Wed Sep 23 21:49:17 MDT 2009


The kerberos stuff is for the PAM auth although I though this was
necessary for the Samba stuff too.

Also, as far as the workgroup-name goes it's true it's the shorter
name but in my case the short name is PRESIDIO.

Could you send me a copy of your config? I'm obviously a bit off
hacking kerberos.

Thanks

/Jonathan

On Wed, Sep 23, 2009 at 8:16 PM, Adam Nielsen <adam.nielsen at uq.edu.au> wrote:
>> This specific instance is intended to host shares for which users
>> authenticate with their AD credentials, the normal authentication for
>> the system works fine and so does joining the domain. As mentioned
>> earlier initializing kinit and wbinfo returns the expected results and
>> the server shows up as a member in AD.
>
> I'm a bit confused about what you had to do with kinit, keytabs and
> Kerberos, because we've never touched anything to do with Kerberos and
> people can log on to our domain and browse the shares on our Samba
> servers with the AD username passed through (i.e. no separate log on to
> Samba.)  It sounds like this is what you're trying to achieve.
>
> We just joined each Samba machine to the domain ("net ads join") and it
> worked straight away.
>
> The first time I did this a few years ago I messed around with the
> Kerberos stuff before realising that apparently it's not necessary...
>
> Cheers,
> Adam.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list