[Samba] Samba/winbind with Active Directory auth

Robert Freeman-Day presgas at gmail.com
Tue Feb 2 07:30:59 MST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kris and Johan,

Both of you have not appended your smb.conf files.  Maybe doing that
would help as well.

- From what I am seeing, the pam stack Kris gave was authenticating via
winbind which would use either plaintext, lanman, ntlm or ntlmv2 and not
configured to authenticate using kerberos.  The plaintext password
authentication is pretty insecure and this is what I suspect your setup
is attempting to use.  Win 2008 has that disabled by default as well as
(afaik) lanman and ntlm.  If you plan on using winbind to authenticate,
you will likely need to add the following directive in the [global]
section of your smb.conf file:

client ntlmv2 auth = yes

You may then need to restart winbindd and smbd (hell, you could restart
the whole machine if you felt like it).  Tell us if this works out for you.


Volker Lendecke wrote:
> On Tue, Jan 19, 2010 at 08:23:45AM +0400, Alexander R. Fahrutdinov wrote:
>> В сообщении от Понедельник 18 января 2010 19:33:00 автор Kris Kaido написал:
>>> Hi List,
>>>
>>> I'm installing a Samba server with the intended purpose of serving files to
>>> Windows users with seamless authentication on the smb server.
>>> For that, I've been reading and following every single google search result
>>> regarding the subject, but it seems I'm stuck at some point where other
>>> people are not blocked ...
>>>
>>> To summarize, I have these commands OK:
>>> # kinit admin_user at DOMAIN.EXAMPLE.COM
>>> # klist (ticket ok)
>>> # net join ads -S server -U admin_user
>>> # wbinfo -u and -g (both showing "DOMAIN\...")
>>> # wbinfo -t (succeeded)
>>  
>> Try to use Kerberos auth (wbinfo -K login%pass). It's possible, Windows PDC 
>> does not support NT-style auth via pipe. Also, try 'nt pipe support = no' 
>> option in smb.conf file.
> 
> ???
> 
> nt pipe support = no
> 
> is extremely unlikely to ever help these days.
> 
> Volker
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktoNyMACgkQup357T5MfTZZQACfddZOp6HuFaC7yQ4ccQY3s/Gx
DqQAn3/1pdGzOj+LnnNEFNiabeMff/Qq
=F63l
-----END PGP SIGNATURE-----


More information about the samba mailing list