I am trying to join and authenticate a Linux machine to a Windows 2003 SP2
ADS domain with Microsoft service for unix version 3.5 running.

I have prior to SP2 been able to connect to the domain with no problem. I
actually have a machine that was connected prior to the install of SP2
still running, and have the same krb5.conf, smb.conf and nsswitch.conf
files on both machines. Both machines are running the exact same
distribution of Linux and Samba, and yet machine one authenticates and
machine two does not.

The error message that I currently get is
" ads_join_realm: Operations error "

Has anyone got any ideas as to a resolution to this problem?

I have included the following:

smb.conf:

[global]
wins server workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=10000-20000
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=10000-20000
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

nsswitch.conf:

passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

krb5.conf:

[realms]
DOMANNAME = {
kdc = ADSSERVER
}
DOMAINSHORTNAME = {
kdc = ADSSERVER
}
[login]
krb4_convert = true
krb4_get_tickets = true

All these files are identical on both machines and both machines are
identical in time.
ANY SUGGESTIONS...

I am trying to join and authenticate a Linux machine to a Windows 2003
SP2 ADS domain with Microsoft service for unix version 3.5 running.

I have prior to SP2 been able to connect to the domain with no problem. I
actually have a machine that was connected prior to the install of SP2
still running, and it has the same krb5.conf, smb.conf and nsswitch.conf
files as the machine I'm trying to connect, save the machine name. Both
machines are running the exact same distribution of Linux and Samba, and
yet machine one authenticates and machine two does not.

Hi All-

Is there a way to authenticate samba shares using Active Directory? I don't want to add the Linux server to AD, I just want to be able to use Active Directory for the authentication of the Samba shares.

Is there a good how-to?

Thanks,
MS

Hi John,

Basically this is what I would like to happen:

I have a Windows 2003 Active Directory server and a Fedora Linux server. I have set up Samba on the Fedora server. I would like for users to be able to map a Samba share using their login and password from Active Directory.

I have read a lot of posts regarding kerberos, pam and samba, but most of them involved creating new users on active directory and installing Unix services on the windows server. I would like to not have to make any changes to the active directory server, just changes to the linux server.

Any ideas?
Thanks,
MS

On Mon, Mar 10, 2008 at 9:13 AM, Mary Steiner <steiner.mary@gmail.com> wrote:
> Hi John,
> Basically this is what I would like to happen:
>
> I have a Windows 2003 Active Directory server and a Fedora Linux server. I
> have set up Samba on the Fedora server. I would like for users to be able to
> map a Samba share using their login and password from Active Directory.
>
> I have read a lot of posts regarding kerberos, pam and samba, but most of
> them involved creating new users on active directory and installing Unix
> services on the windows server. I would like to not have to make any changes
> to the active directory server, just changes to the linux server.
>
> Any ideas?
> Thanks,
> MS
>
> On Mon, Mar 10, 2008 at 8:20 AM, John H Terpstra <jht@samba.org> wrote:
>
> > On Monday 10 March 2008 08:03:04 am Mary Steiner wrote:
> > > Hi All-
> > > Is there a way to authenticate samba shares using Active Directory? I don't
> > > want to add the Linux server to AD, I just want to be able to use Active
> > > Directory for the authentication of the Samba shares.
> > >
> > > Is there a good how-to?
> > >
> > > Thanks,
> > > MS
> >
> > Mary,
> >
> > Could you perhaps give us an example in practice (from the user's perspective) how
> > this would work?
> >
> > Please start at the very beginning: A user logs onto ... and then does the
> > following to access shares on the Samba server ...
> >
> > What documents have you referred to understand the issues at heart of the
> > question you are asking?
> >
> > - John T.