[Samba] Integrating samba with existing AD

Thibaut POUZET thibaut.pouzet at lyra-network.com
Wed Jul 20 09:13:23 MDT 2011

Well thank you for noticing this error Jonathan, I didn't pay attention to
my samba version. We have quite a lot of CentOS machines on the network and
a poor internet connection combined with a strong security policy.
Therefore, we have an rpm proxy and I did not notice that the samba packages
available were out of date. Anyway, I fixed this issue and ran some more

I can still observe my problem though: I can connect to the server with
smbclient or Windows clients, but cannot parse my folders. I also created a
dummy user named Alfred in my Active Directory, but he cannot connect in any

But now that I made this change, "# getent groups" does not give me all my
local + AD groups (just some of them).
I managed to connect to one of my folders by having "valid users = thibaut"
in my settings, but I don't really like this solution since I have a lot of
users who will have access to this server.

[2011/07/20 16:59:01.751433,  1] smbd/service.c:1070(make_connection_snum) ( connect to service commercial initially
as user thibaut (uid=2032, gid=1500) (pid 3039)
[2011/07/20 16:59:02.771747,  1] smbd/sesssetup.c:332(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

And when accessing another folder with "valid users = %S":
[2011/07/20 16:58:53.584947,  2]
  user 'thibaut' (from session setup) not permitted to access this share

I use LDAP to identify myself to the server, so I think that the uid+gid
numbers for the user thibaut come from my logins to the server and might
have nothing to do with samba.

I think I am a bit confused with all this and that I mix some different

Thibaut POUZET.

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Jonathan Buzzard
Sent: Wednesday, July 20, 2011 12:26
To: samba at lists.samba.org
Subject: Re: [Samba] Integrating samba with existing AD

On Wed, 2011-07-20 at 10:44 +0200, Thibaut POUZET wrote:

> The software involved : 
> Server Linux CentOS 5.6
> Windows 2003 Server R2 with working AD and another DNS server working
> fine.
> # rpm -qa | grep samba
> samba-3.0.33-3.29.el5_6.2
> samba-common-3.0.33-3.29.el5_6.2
> samba-client-3.0.33-3.29.el5_6.2

Stop right there: remove the samba packages and install the samba3x
packages. Then take a look at my previous post made yesterday.


> So where am I going wrong? :(

You are persisting in using a woefully out of date version of Samba when
your distribution comes with a much more recent prepackaged version. Why
anyone would want to use the plain samba packages in RHEL/CentOS when
trying to integrate to the AD is utterly beyond me.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
