Alex Sharaz
2006-Feb-23 10:21 UTC
[Samba] Problems joining a RHEL4.0 version of samba to an active directory
Chaps, I'm trying to join a RHEL 4.0 Linux server to an active directory domain. The server in question runs a RADIUS server and I need it to be able to authenticate users via AD. Basically when we try running net ads join member -I 150<an ip address> -U <admin user> -d 2 we get [2006/02/23 10:05:20, 2] lib/interface.c:add_interface(79) added interface ip=150.237.47.22 bcast=150.237.47.255 nmask=255.255.255.0 [2006/02/23 10:05:20, 2] lib/interface.c:add_interface(79) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 testa's password: [2006/02/23 10:05:34, 0] utils/net_ads.c:ads_startup(186) ads_connect: Strong(er) authentication required [2006/02/23 10:05:34, 2] utils/net.c:main(859) return code = -1 If however I try "kinit -V <myuserid>@ADIR.HULL.AC.UK" and enter my AD password it works. If I try the same with the administrator password, it works. My smb.conf file looks like [global] # Replace 'OPEN' with the name of your Windows domain: workgroup = ADIR.HULL.AC.UK # You may also need to specify the realm if you are using Kerberos security = domain password server = <this Server> realm = ADIR.HULL.AC.UK preferred master = no server string = Hull Comms support server security = ADS use spnego = yes encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 winbind separator = + printcap name = cups printing = cups idmap uid = 10000-20000 idmap gid = 10000-20000 bind interfaces only =yes interfaces =150.237.47.22 127.0.0.1 Any suggestions as to where to look for the problem would be appreciated Alex
Gerald (Jerry) Carter
2006-Feb-23 16:11 UTC
[Samba] Problems joining a RHEL4.0 version of samba to an active directory
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Sharaz wrote:> Chaps, > > I'm trying to join a RHEL 4.0 Linux server to an active directory > domain. The server in question runs a RADIUS server and I need it to be > able to authenticate users via AD. > > Basically when we try running > > net ads join member -I 150<an ip address> -U <admin user> -d 2 > we get > > [2006/02/23 10:05:20, 2] lib/interface.c:add_interface(79) > added interface ip=150.237.47.22 bcast=150.237.47.255 > nmask=255.255.255.0 > [2006/02/23 10:05:20, 2] lib/interface.c:add_interface(79) > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 > testa's password: > [2006/02/23 10:05:34, 0] utils/net_ads.c:ads_startup(186) > ads_connect: Strong(er) authentication required > [2006/02/23 10:05:34, 2] utils/net.c:main(859) > return code = -1The is a error from the LDAP client libs. Not the krb5 libs. You should be able to set 'ldap ssl = start_tls' in smb.conf to correct the problem. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD/d6gIR7qMdg1EfYRAojdAJ9jBcHGr7vmHNCpHqCejeDK61iGgQCfWXfX M1O5P96cljr/4IEIhY3OiYE=VxX5 -----END PGP SIGNATURE-----
Possibly Parallel Threads
- Using ntlm_auth to authneticate to an NTLMv2 AD
- Authenticating users via samba to an active directory
- knit and smbclient executed with different users but no error thrown
- knit and smbclient executed with different users but no error thrown
- mkstemp failed: (code 23) main(633)