Well, I got past the part about the "ads server" parameter... :)
Now, it appears that nobody in the AD Domain can log into (and use) any
resources on the Samba share.
If I set "security = ads" on Samba, then nobody can log into the
server -
period.
A couple of silly questions at this point (before I go completely mad)...
1) Is there any requirement that LDAP be functioning on the Samba machine?
2) Are there any hidden dependancies (like PAM) that are required to make this
work?
More background: The Samba machine has successfully joined the domain (it
shows up in AD Users and Computers), kinit works fine when logging in as
Administrator.
Here is the dump from klist:
root@raid:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@RONGAGE.ORG
Valid starting Expires Service principal
10/11/03 21:25:32 10/12/03 07:25:34 krbtgt/RONGAGE.ORG@RONGAGE.ORG
renew until 10/12/03 21:25:32, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
10/11/03 21:34:16 10/12/03 07:25:34 domain$@RONGAGE.ORG
renew until 10/12/03 21:25:32, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
root@raid:~#
Here is the top of my smb.conf:
[global]
workgroup = RONGAGE
netbios name = RAID
server string = Samba Server
load printers = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
security = ads
password server = domain.rongage.org
encrypt passwords = yes
realm = rongage.org
What the heck am I doing wrong here?
--
Ron Gage - LPIC1, A+, Net+
Pontiac, Michigan