Andrew Zbikowski wrote:
Since smb.conf is a link..let me try.
I've experienced some strange things as well, the question is, can ADS
users get a share properly? I had similar probs, but the share works.
What does net ads testjoin show?
Also in smb.conf you have a passdb backend. DON'T.
Here's what I use, albeit it is a W2K AD: (I know some settings are
default that way, but I have been adjusting them)
workgroup = (NETBIOS NAME OF AD DOMAIN)
realm = YOURDOMAIN.COM
server string = (Info about server)
netbios name = (NAME YOU WANT TO GIVE YOUR SERVER)
security = ADS
client schannel = Auto
server schannel = Auto
client signing = Auto
server signing = Auto
client use spnego = No
socket options = TCP_NODELAY
dns proxy = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = _
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
admin users = (AD Administrator that samba will tell Unix to
treat as root...be carefull here...but it's needed. Multiple users are
comma separated. The user is added
like this {assuming you used the winbindd seprarator I suggested}
DOMAIN_user1, DOMAIN_user2)
algorithmic rid base = 10000
dos filetimes = Yes
dos filemode = Yes
acl compatibility = win2k
inherit acls = yes
inherit permissions = ye
>abrams:~# kinit admin@CORP.TCC.INET
>This seems to work just fine.
>
>abrams:~# net ads join "TwinCities\TTAGS\SERVERS"
>[2004/12/28 18:52:20, 0] libads/ldap.c:ads_add_machine_acct(1475)
> Warning: ads_set_machine_sd: Unexpected information received
>Using short domain name -- CORP
>[2004/12/28 18:52:23, 0] libads/kerberos.c:get_service_ticket(335)
> get_service_ticket: kerberos_kinit_password
>TTLNX01$@CORP.TCC.INET@CORP.TCC.INET failed: Client not found in
>Kerberos database
>Segmentation fault
>
>That doesn't work. I look in Active Directory Users & Comptuers and
>there is a new computer account in the correct location however.
>
>Looking at that output, it seems to be trying to create a client named
>TTLNX01$@CORP.TCC.INET@CORP.TCC.INET. That doesn't seem right, it
>should be just TTLNX01$@CORP.TCC.INET right? What would be causing
>that extra @CORP.TCC.INET to be added? Or is it supposed to be that
>way?
>
>I have no /etc/krb5.conf, as according to the Official Samba HOWTO it
>is not required.
>"With both MIT and Heimdal Kerberos, it is unnecessary to configure
>the /etc/krb5.conf, and it may be detrimental."
>
>As kinit works, it definitly doesn't seem like I need an /etc/krb5.conf.
>
>Not sure if this list allows attachments, so my smb.conf is at
>http://www.ringworld.org/~zibby/stuff/linux/smb.txt
>
>The host system is Debian Testing (Sarge) running 2.4.27 on an Alpha
>processor, using the packages for sarge.
>
>If anyone knows how to resolve this, please please please let me know.
>If you need/want more details, just ask.
>
>
>