[Samba] Integrating samba with existing AD

Thibaut POUZET thibaut.pouzet at lyra-network.com
Wed Jul 20 02:44:34 MDT 2011 

Hi everyone,

 

I am currently trying to set-up a samba server in my network in order to
replace the existing windows samba server. It's been now two weeks that I am
struggling with a vicious problem, and I cannot see any issue right now.
Before I loose all my hairs, I am sharing with you this problem : hopefully,
someone will have a tip for me.

 

The software involved : 

Server Linux CentOS 5.6

Windows 2003 Serveur R2 with working AD and another DNS server working just
fine.

# rpm -qa | grep samba

samba-3.0.33-3.29.el5_6.2

samba-common-3.0.33-3.29.el5_6.2

samba-client-3.0.33-3.29.el5_6.2

# rpm -qa | grep krb

pam_krb5-2.2.14-18.el5

pam_krb5-2.2.14-18.el5

krb5-libs-1.6.1-55.el5_6.1

krb5-devel-1.6.1-55.el5_6.1

krb5-workstation-1.6.1-55.el5_6.1

krb5-libs-1.6.1-55.el5_6.1

 

The smb.conf

http://pastebin.com/9iCd1meR

 

The krb5.conf

http://pastebin.com/nJ2DuBFi

 

In the nsswich.conf

passwd:     files ldap winbind

shadow:     files ldap

group:      files ldap winbind

 

The problem (Everything seems to work just fine ): 

# kinit -V thibaut

Password for thibaut at WORK-NETWORK.COM:

Authenticated to Kerberos v5

 

# net join -S pwdsrv -U Thibaut

Thibaut's password:

Using short domain name -- WORK

DNS update failed!

Joined 'smbsrv' to realm 'WORK-NETWORK.COM'

 

wbinfo -u

wbinfo -g

getent passwd

getent group

=> All of them returns all I want (users and groups, with locals for the
last two commands)

 

# smbclient -L localhost -U Thibaut

Password:

Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]

 

        Sharename       Type      Comment

        ---------       ----      -------

        IPC$            IPC       IPC Service (Server blabla)

        thibaut         Disk      Home Directories

Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]

 

        Server               Comment

        ---------            -------

        SMBSRV            Serveur blabla

 

        Workgroup            Master

        ---------            -------

        WORK

 

. and that's all. The windows clients can connect and see some shares (I
guess thank's to passthru), for instance I can see my home folder and the
printers folders, but not the others as with smbclient. Furthermore, Even if
I can see the roots folders, I cannot parse them : I am prompted a
login+password form when I try to enter the "Thibaut" folder, for instance.
I think I am connected as a guest user, but I am not sure of that.

And when I try to access the folder Thibaut, I got some logs : 

 

[2011/07/20 09:50:38, 2] lib/access.c:check_access(323)

  Allowed connection from  (a.b.c.d)

[2011/07/20 09:50:38, 2] smbd/service.c:make_connection_snum(617)

  user 'WORK\thibaut' (from session setup) not permitted to access this
share (thibaut)

 

So where am I going wrong ? L 

 

Thibaut.

More information about the samba mailing list