[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS

Adam Nielsen adam.nielsen at uq.edu.au
Wed Sep 23 23:41:46 MDT 2009


> The kerberos stuff is for the PAM auth although I thought this was
> necessary for the Samba stuff too.

Winbind is also an alternative for this, by making all the AD users
visible as if they were accounts on the local machine.  Having winbind
working is also crucial to being able to grant AD groups access to
certain areas of your filesystem.

> Also, as far as the workgroup-name goes it's true it's the shorter
> name but in my case the short name is PRESIDIO.
> 
> Could you send me a copy of your config? I'm obviously a bit off
> hacking kerberos.

Here's the relevant bit from a server I put into production last night.
The machine name is sambaserver.mydomain.com:

workgroup = MYDOMAIN
netbios name = sambaserver
security = ads
realm = MYDOMAIN.COM

Once that's done I precreated the account in AD (otherwise the machine
account will be created somewhere I haven't been delegated access to)
then I ran "net ads join -U <username>" where <username> is an account
with access to join the machine to the domain (which you choose when
adding the account to the domain - don't prefix it with MYDOMAIN\\ or
@MYDOMAIN.COM) and then it may come up with some errors, but running
"net ads testjoin" will hopefully return "OK".

All the other options in my Samba config are related to shares, winbind,
etc. but nothing to do with the domain.

Cheers,
Adam.
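
Added example, not part of the original message and not Samba's own code: a small checker for the four [global] settings quoted above, flagging values that do not line up with the machine's own name and domain before "net ads join" is run. The names parse_global, check_ads_settings and SAMPLE_CONF are hypothetical, and the check assumes the host's DNS domain is the AD realm, as it is in the message.

```python
# Added example: sanity checks for the [global] settings quoted in the post.
# SAMPLE_CONF is constructed from the values in the message.
SAMPLE_CONF = """\
[global]
    workgroup = MYDOMAIN
    netbios name = sambaserver
    security = ads
    realm = MYDOMAIN.COM
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def check_ads_settings(params, fqdn):
    """Return a list of problems with the join settings (empty if none)."""
    host, _, dns_domain = fqdn.lower().partition(".")
    problems = []
    if params.get("security", "").lower() != "ads":
        problems.append("security is not 'ads'")
    # Assumption: the host's DNS domain is the AD realm, as in the post.
    if params.get("realm", "").lower() != dns_domain:
        problems.append("realm does not match the host's DNS domain")
    workgroup = params.get("workgroup", "")
    if not workgroup or "." in workgroup or len(workgroup) > 15:
        problems.append("workgroup is not the short (NetBIOS) domain name")
    # Samba defaults 'netbios name' to the short host name when unset.
    netbios = params.get("netbiosname", host).lower()
    if netbios != host or len(netbios) > 15:
        problems.append("netbios name is not this machine's short name")
    return problems

if __name__ == "__main__":
    conf = parse_global(SAMPLE_CONF)
    for problem in check_ads_settings(conf, "sambaserver.mydomain.com"):
        print("WARN:", problem)
```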