David Evans-Roberts
2004-Nov-17 17:18 UTC
[Samba] Problem with joining Active Server Domain
I have built samba 3.0.8 with ADS support. From the Solaris 9 end it appeared to join the active directory server domain OK. However when I look using Windows Explorer on the ADS (Windows 2003) machine it appears as Samba 3.0.8 server under WORKGROUP, and I cannot access the shares. I am using the MIT kerberos. The Howto guide on page 74 is a bit ambiguous. I read it to say that if you are you are using Heimdel it must be a release later than 0.6. A colleague took it to read that you must use Heimdal rather than MIT for Windows 2003. Is this the problem or is it something else. Any advice welcomed. /usr/local/samba/bin/net ads join -U Administrator Administrator's password: [2004/11/17 17:03:53, 0] libads/ldap.c:(1366) ads_add_machine_acct: Host account for pike already exists - modifying old account Using short domain name -- ASTTEST Joined 'PIKE' to realm 'ASTTEST.LOCAL' The relevant parts of the /etc/krb5.conf file are as follows: [libdefaults] default_realm = astest.local [realms] astest.local = { kdc = eng-test.astest.local } [domain_realm] .kerberos.server = astest.local ---------------------------------------------------------------------------- ------------ And smb.conf : # Global parameters [global] workgroup = ASTTEST realm = ASTTEST.LOCAL security = ADS password server = eng-test.asttest.local username map = /etc/samba/usermap.txt log level = 1 log file = /var/log/samba socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No os level = 0 dns proxy = No idmap uid = 15000-20000 idmap gid = 15000-20000 read only = No create mask = 0775 directory mask = 0775 [mds0650] ---------------------------------------------------------------------------- --------------------------- David Evans-Roberts daveer@hrwallingford.co.uk Systems Administrator HR Wallingford ********************************************************************** HR Wallingford uses Faxes and Emails for confidential and legally privileged business communications. They do not of themselves create legal commitments. Disclosure to parties other than addressees requires our specific consent. We are not liable for unauthorised disclosures nor reliance upon them. If you have received this message in error please advise us immediately and destroy all copies of it. **********************************************************************