[Samba] Help with ADS authentication and Samba

Brian O'Mahony brian.omahony at curamsoftware.com
Fri Mar 11 04:24:37 MST 2011

Hi there, just recently joined this list as I seem to be having a little trouble that I am hoping someone can help with.

I recently installed a RHEL5.5 server and updated samba to samba3-3.4.11-42.el5.x86_64.rpm. I had never set up samba to authenticate with ADS so I read a little bit and dove right in. The server now works fine, so when I browse to \\machinename no login box pops up, and I see the shares, and every user in the domain can write to them.

So far so good. I then tried to replicate this on another server, and then the problems started. Here is the procedure I followed:

I copied smb.conf, krb5.conf over to the new server from the working copy. Edited nsswitch.conf to add winbind to the end of passwd, group and shadow.

I then ran "kinit admin". This worked. I then ran kdestroy to destroy the token.

[root@rhel5u5live ~]# net ads join -U ictadmin
Enter ictadmin's password:
Using short domain name -- XXX
Joined 'RHEL5U5LIVE' to realm 'xxx.com'
[root@rhel5u5live ~]# net ads testjoin
Join is OK
[root@rhel5u5live ~]# wbinfo -u | grep brian.om

So it seems to be able to look up users etc. on the Domain controller. However, when I browse to \\machinename a login box pops up. I *know* I must have forgotten something, but can't figure out what.

Could someone please help?


