
Mailing List Archive
[tlug] Authenticating to Samba with AD account
- Date: Tue, 17 Oct 2006 09:43:00 +0900
- From: Nikolay Elkov <goibniu@example.com>
- Subject: [tlug] Authenticating to Samba with AD account
- User-agent: Mutt/1.4.2.1i
Hello,

Here is a Linux - Windows interoperability question. (As much as I would
like to get rid of the Windows part, it's not up to me.)

There is a Windows 2003 domain with a bunch (in the hundreds) of
existing users. The goal is to let them use their accounts to access
samba shares and/or other resources on the Linux box (RHEL 3.0). As
things stand, it kind of works but not quite. If you are logged in with
your local account and you try to access a share, the authentication
dialog pops up. You enter your AD credentials and you are in. However,
if you are logged on to the domain, the dialog just keeps popping up
forever, even if you enter the correct username/password. If, however,
you use a nonexistent domain for specifying your username, it works. To
sum it up:

* username:password -- doesn't work
* realdomain\username:password -- doesn't work
* fakedomain\username:password -- works

I believe I have the whole thing set up properly. wbinfo -a/-t/-u/-g
work as expected. I have added winbind to /etc/pam.d/authconfig and
/etc/nsswitch.conf and getent passwd returns all domain users. I can
even log in via ssh with my domain account.

I am out of ideas, so if anyone has one, please do share it.

The samba packages/versions are:

samba-3.0.9-1.3E.10
samba-client-3.0.9-1.3E.10
samba-common-3.0.9-1.3E.10

Here's the relevant part of smb.conf:

[global]
workgroup = FOO
realm = FOO.LOCAL
netbios name = BAR
security = ADS
password server = BAR.FOO.LOCAL
winbind uid = 100000-120000
winbind gid = 100000-120000
winbind separator = +
winbind use default domain = yes
obey pam restrictions = yes
winbind enum users = yes
winbind enum groups = yes
server string = Blah Blah Server
log file = /var/log.samba.%m
os level = 0
preferred master = no
domain master = no
encrypt passwords = yes
update encrypted = yes
add user script = /usr/local/bin/smb-useradd %D/%U
delete user script = /usr/local/bin/smb-userdel %D/%U
template shell = /bin/bash
template homedir = /home/%D/%U
TIA