I have been working to get a Samba 3 (alpha 21) on Red Hat 8.0 to work with our current Windows 2000 ADS. This is "pure" ADS (ie. no compatibility mode). Our desire is to have various samba servers join the domain and use the domain to authenticate users to the samba servers. It's my understanding that winbind is necessary. I've followed lots of HOWTO's and various articles as well as search the list archives and have not gotten it to work and have not found quite what I am looking for (although much has still been very helpful). I was able to successfully have the samba server join the domain (it shows up in ADS), and I can authenticate to the w2k box from the samba box just fine. But, I cannot authenticate back to samba box from a windows workstation (which is logged into the domain) unless I also have the login name and password in the smbpasswd file. Also, when I try any of the wbinfo tests, they fail. I understand it's still in alpha and just to make sure I'm not trying something that's not available/working yet, I need to know if this is possible. So the question is: Can a workstation in the ADS domain be authenticated to a samba 3 server via W2K ADS (with no compatibility mode)? If so - can you point me in the right direction for more info on how to make it work? I'd be glad to include my config files, logs, etc so some one can eyeball them and let me know what I'm missing. But, before doing that, I want to make sure I'm not just chasing something that's not available yet.. Thanks for your help. Rick ************************************* This email may contain privileged or confidential material intended for the named recipient only. If you are not the named recipient, delete this message and all attachments. Any review, copying, printing, disclosure or other use is prohibited. We reserve the right to monitor email sent through our network. *************************************
On Wed, 2003-01-29 at 07:39, Rick Segeberg wrote:> I have been working to get a Samba 3 (alpha 21) on Red Hat 8.0 to work > with our current Windows 2000 ADS. This is "pure" ADS (ie. no compatibility > mode). Our desire is to have various samba servers join the domain > and use the domain to authenticate users to the samba servers. It's > my understanding that winbind is necessary. > > I've followed lots of HOWTO's and various articles as well as search the > list archives and have not gotten it to work and have not found quite what > I am looking for (although much has still been very helpful). I was able to > successfully have the samba server join the domain (it shows up in > ADS), and I can authenticate to the w2k box from the samba box just > fine. But, I cannot authenticate back to samba box from a windows > workstation (which is logged into the domain) unless I also have the > login name and password in the smbpasswd file. Also, when I try any > of the wbinfo tests, they fail.Which tests - and what exactly do you mean by 'fail'. Are you really sure you correctly joined the domain?> I understand it's still in alpha and just to make sure I'm not trying > something that's not available/working yet, I need to know if this is > possible. So the question is: > > Can a workstation in the ADS domain be authenticated to a samba 3 server > via W2K ADS (with no compatibility mode)?Yes - shipping products are based on exactly this functionality. You are going to need to give some more info on the join, and any particular errors in the logs. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030129/43e6f38b/attachment.bin