Okay, I'm trying to get my samba server to talk to my Windows 2003 domain running in native 2003 mode. First, while trying to add the samba server with the "net ads join" command, it just wouldn't work. I wouldn't get an error or a confirmation, I'd just be sent back to the command prompt. My krb5.conf file is set up properly and when I run a kinit command, it runs fine. Anyway, I gave up on that as I really don't need full ADS domain membership.

Now, when I try to join the domain with just "net join" I get a response saying that the samba server successfully joined the domain. Everything looks good in my smb.conf file and I have corresponding users in the domain and on the linux box so I start up the daemons, go to one of my win 2003 servers and try to open a share on the samba server. Every time I try, I keep getting a password prompt. Putting in a domain username and password just brings the password prompt back up. Here's what my log file says:

[2003/10/12 14:16:39, 0] auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine BHNS1. Error was : NT_STATUS_ACCESS_DENIED.
[2003/10/12 14:16:39, 0] auth/auth_domain.c:domain_client_validate(167)
  domain_client_validate: Domain password server not available.

Here's a quick look at my smb.conf file:

[global]
        workgroup = TEST
        server string =
        interfaces = eth0
        bind interfaces only = Yes
        security = DOMAIN
        password server = 10.100.32.5
        client lanman auth = No
        client plaintext auth = No
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        wins server = 10.100.32.5
        ldap ssl = no
        valid users = samba_valid
        admin users = samba_valid
        read list = samba_ro
        write list = samba_rw

Back when I was running a 2000 server and Samba 2, I had no problems. I have a feeling 2003 is probably the issue. Has anyone here been able to get samba 3 and a 2003 domain to play along?
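For triaging logs like the one quoted in the post above, here is an added example (not part of the original message, and not Samba code) that pairs each log header with its message text and pulls out the NT status code and the machine name. It assumes the usual Samba 3 layout of a header line followed by indented message lines; the function names are this example's own.

```python
import re
from collections import Counter

# Header of a Samba 3 debug entry: [date time, level] source_file:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
NT_STATUS = re.compile(r"\bNT_STATUS_[A-Z0-9_]+\b")
MACHINE = re.compile(r"\bto machine (\S+?)\.(?=\s|$)")

# The two entries quoted in the post, laid out as header + indented message.
SAMPLE_LOG = """\
[2003/10/12 14:16:39, 0] auth/auth_domain.c:connect_to_domain_password_server(115)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine BHNS1. Error was : NT_STATUS_ACCESS_DENIED.
[2003/10/12 14:16:39, 0] auth/auth_domain.c:domain_client_validate(167)
  domain_client_validate: Domain password server not available.
"""

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = dict(m.groupdict(), message="")
            current["level"] = int(current["level"])
            entries.append(current)
        elif current is not None and raw.strip():
            # Continuation line: append to the message of the open entry.
            current["message"] = (current["message"] + " " + raw.strip()).strip()
    for e in entries:
        e["nt_status"] = NT_STATUS.findall(e["message"])
        host = MACHINE.search(e["message"])
        e["machine"] = host.group(1) if host else None
    return entries

def summarize(entries):
    """Count level-0 failures per (function, NT status) so repeats stand out."""
    counts = Counter()
    for e in entries:
        if e["level"] == 0:
            for status in e["nt_status"] or ["(no status)"]:
                counts[(e["func"], status)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(parse_entries(SAMPLE_LOG)).items():
        print(n, *key)
```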
At 03:12 PM 10/12/2003 -0500, Bryan Haro wrote:
>Okay, I'm trying to get my samba server to talk to my Windows 2003 domain
>running in native 2003 mode. First, while trying to add the samba server
>with the "net ads join" command, it just wouldn't work. I wouldn't get an
>error or a confirmation, I'd just be sent back to the command prompt. My
>krb5.conf file is set up properly and when I run a kinit command, it runs
>fine. Anyway, I gave up on that as I really don't need full ADS domain
>membership.

If the directory is running in Windows Server 2003 mode (a superset of native mode) then it won't work, from what I understand. I believe this is stated in the HOWTOs. You'll need to reconfigure your server and use native mode rather than native 2003 mode.

Disclaimer: I have successfully joined a few Red Hat 9 boxes to my Active Directory in Native 2000 mode.

>
>Now, when I try to join the domain with just "net join" I get a response
>saying that the samba server successfully joined the domain. Everything
>looks good in my smb.conf file and I have corresponding users in the domain
>and on the linux box so I start up the daemons, go to one of my win 2003
>servers and try to open a share on the samba server. Every time I try, I
>keep getting a password prompt. Putting in a domain username and password
>just brings the password prompt back up. Here's what my log file says:

I'm having the same problems, but in the other direction - the Samba box won't read a share on the 2k3 Server box, while it will from a 2000 box. This has been isolated to being a problem with too-old versions of the MIT krb5 libraries (for instance, the newest RPM you can get for Red Hat 9 is 1.2.7-14, while MIT is up to 1.3.1, which is supposed to work with 2k3). There are additional problems when trying to rebuild Samba to point at newer krb5 builds - check bug 433 in Bugzilla (https://bugzilla.samba.org/show_bug.cgi?id=433). This bug has been assigned, but has yet to be totally fixed.
I'm going to assume you're experiencing the same failure mode, just in the opposite direction. For now, Gavin Davenport (gavdav@gavdav.demon.co.uk) has built a workaround, although I have yet to try it (been working on methods to run Linux on an SGI O2 - if anyone has any suggestions, please contact me direct!).

Hope that helps...

Terry
>Can anyone really confirm this, I am having trouble with verifying
>tickets with a 2003 Server in Native 2003 Mode. But what I have read is
>that you can't change back from native 2003 mode, to just native mode.
>Is this true?

Yes, it is true that you can not (at least, according to MS) downgrade from Native 2003 to Native mode or from Native mode to Mixed mode. There may be third-party hacks available out there, but I've never seen them. Everything I've seen so far indicates reinstalling the OS.

Terry