ww m-pubsyssamba
2004-Mar-16 16:29 UTC
[Samba] ADS Kerberos Authentication without winbind problem-*SOLVED*
Turned out the whole install was broken when not using winbind, don't know why!?! Uninstalled Samba 3.0.1, re-compiled from scratch Samba 3.0.2a and everything works as expected :-)

>>
Further to this problem I have found it impossible to get any syntax to successfully mount a Samba 3.0.2 share with Kerberos authentication using the BSD "mount_smbfs" (on Mac OS X), where this does work without problems when the local UNIX account is a Winbind account. Again I see the behaviour where a ticket is obtained by the client but somewhere this is not being associated with the local account on the Samba server.

So again I ask, does anyone know how to get the Samba server and client system to treat a Kerberos ticket such as "user@TESTLAN.BBC.CO.UK" as being associated with local UNIX account "user"? Is anyone else running Samba as an AD member server without winbind?

thanks
Andy.
<<

Hello list,

Due to problems with winbind on Solaris I cannot use winbind. Instead I need to get Kerberos authentication from ADS working with a Samba member server with local UNIX user accounts.

So to briefly describe my configuration, I have an account in AD and a duplicate account locally on my Samba server which has been initialised with "smbpasswd -a user password". My Samba server has successfully joined my AD domain and can successfully obtain Kerberos tickets.

This does work in principle but I have the following problem: in order to get Kerberos authentication I have to use syntax like this on the Windows client

    net use \\bbcwwp-sun24\share /user:bbcwwp-sun24\user

This works perfectly, but because my AD domain is called TESTLAN, if you try to access the Samba share by either of the following methods:

from Windows Explorer, directly accessing the URL "\\bbcwwp-sun24\share"
or
from the command line, "net use \\bbcwwp-sun24\share"

They both fail, presumably because it's assuming that the user account is "TESTLAN\user" which will not work (I tried this syntax manually and it didn't work).
Although they fail I have verified that the client is still obtaining a ticket for the Samba server "HOST/bbcwwp-sun24". Given that I don't expect my users to be using "net use" in order to access data on a Samba share I basically don't have a working solution at present.

Is there anything I can tweak in the Samba config to get round this?

Any help much appreciated, thanks in advance,
Andy.