similar to: ADS authentication in disjointed, multiple forest

Hello all. I've set up a testing environment with two Windows DCs. The first, called DCA, is serving the domain DOMA and is running Windows 2003. The second is called DCB and serves DOMB on Windows 2008. The Samba machine I'm setting up (named ULYSSES) should be able to authenticate users from both domains for shell login. I've installed Samba 3.2.3 as a Debian package and closely

I'm using RH9, and I have compiled samba 3.0.1 compiled from sources, > with the following options: > ./configure --with-winbind --with-winbind-auth-challenge --with-pam \ > --with-acl-support --with-ldapsam --with-pam_smbpass \ --with-ads > --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam > net ads join -S server.domain.com -U support worked fine.

Hi , I'm using RH9, and I have compiled samba 3.0.1 compiled from sources, with the following options: ./configure --with-winbind --with-winbind-auth-challenge --with-pam \ --with-acl-support --with-ldapsam --with-pam_smbpass \ --with-ads --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam net ads join -S server.domain.com -U support worked fine. I started winbindd.

Hi, Using samba 3.0.25b, testing to join to a Windows 2008 domain using ADS security with kerberos and it doesn't seem to work. Anybody else tried this combination? Same configuration worked joining to a Windows 2003 R2 domain. I'm not a samba expert but looking at the log it looks like the not_defined_in_RFC4178@please_ignore have something to do with it? Output from "net

Hi I'm trying to get a setup working with 2 separate AD forests (both 2003 R2 based). Let's call them PROD.x.ch and DEV.x.ch. There is a one way cross forest trust from DEV to PROD (hope I said this the right way), so that authenticated principals in PROD can access resources from DEV. The setup works in principle, a user logged into a PROD Windows PC can access Shares from a DEV

Dear List! I have the problem described at http://lists.samba.org/archive/samba/2008-February/138451.html It is materialized after an upgrade of samba/winbind. Everything was working before. I could not find the solution neither on the net, nor from people originally having the problem, so here I am. This problem is a showstopper for me. (I can login by changing pam_winbind to pam_krb5, but this

Hi! The problem lies in the "winbind separator" settings. If I use winbind separator = \\ everything goes well. I believe this is due to a bug. As I don't want to register to yet another bugzilla, please someone issue the report there. Explanation: winbindd_raw_kerberos_login uses parse_domain_user to generate the kerberos principal from state->request.data.auth.user at this

All, I have a Samba 3.0.4 server running on AIX 5.2. Samba is configured with PAM, LDAP and Kerberos. The server has been joined to an existing Windows 2003 domain, and wbinfo -u and wbinfo -g works fine. Users from the domain that Samba is a member of can authenticate just fine. The domain is in a one-way trust relationship with another ADS domain (i.e. Samba is a member of domain A,

Hi again all, I'm trying to get samba 3b3 working with ADS on Suse 8.0 enterprise. I've installed heimdal kerberos 0.6 with openldap support. Now when I did that, I used the configure options of: ./configure --with-openldap=/usr/local/bin --with-openldap-include=/usr/local/include --with-openldap-lib=/usr/local/lib --enable-shared=yes there's another config option of

I have users from Domain A trying to browse a domain member samba server in Domain B. Domain A and Domain B are both Windows 2k domains. Domain B has a one way trust to A. A users can browse Domain B Windows server with no problem so I no the trust is fine. Samba version is 3.0.21b on RH Linux ES 3. The winbindd log is giving me the following error: [2006/02/16 08:28:50, 0]

HI, I am sorry I forgot to post the problem that I am having. It is the same issue who posted this e-mail originally. Please let me know what should I do to fix the problem that I am having. Edit /etc/samba/smb.conf [global] realm = KERBEROS.REALM security = ADS encrypt passwords = yes password server = kerberos.server Edit /etc/krb5.conf [libdefaults] default_realm = KERBEROS.REALM

I 'm trying to figure out why my samba box can 't get any information about trusted w2k ad domains. The linux samba server is a domain member of a w2k domain. Everything is fine with this domain, but I can 't get sequence numbers, nor users, nor groups from others domains in the active directory. The main error seems to be "Server not found in kerberos database" when it

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The net commands work: net ads testjoin, net ads user (after a ticket is created). However, winbindd refuses to run correctly. It has an --set-auth-user configured, but the following commands don't work: [root@nassc01 samba]# wbinfo -p Ping to winbindd failed on fd -1 could not ping winbindd! [root@nassc01 samba]# wbinfo -t checking the trust

I am trying to authenticate a user in a domain (EU) other than my default domain (NA). I am at a loss as to what may be wrong at this point. When I run a wbinfo -sequence, I see the following: linux:~ # wbinfo --sequence LAC : DISCONNECTED EU : DISCONNECTED AP : DISCONNECTED UIS : 19895750 TRIMBLRDLINUX : 1 BUILTIN : 1 NA : 15410431 If I try a kinit, here is the output:

Hi all, I've been working on getting Samba to authenticate via ADS for the past few weeks with some lack of success. I had somewhat of a breakthrough the other day realizing that the problem was related to the kerberos authentication between Samba and the Win 2008 R2 AD server. Trying to fix this I generated a keytab with ktpass which I uploaded to the server. I've been successful to

I 'm having trouble integrating winbind into a multiple active directory domains environment. The machine TCSLSO02 joined successfully the domain BAIRES, realm BAIRES.TECHINT.NET . wbinfo -u works wbinfo -g works net ads testjoin works wbinfo -t works Nevertheless, no command involving others domains works. I can 't list other domain 's users nor groups. wbinfo -m fails with

Hi, After unsuccessfully trying to join a samba server to my Win2k domain, I turn to you guys for help. The samba server in question is called BRITERSEN, and is on 192.168.1.4, the Win2k domain controller is called SPOCK and is on 192.168.1.3, the domain in question is petenet.britersen.co.uk Getting a kerberos ticket seems to go ok: [root@britersen:~]# klist Credentials cache:

After 2 weeks of trying to configure samba as a member server in a native AD domain, with winbind+nss+kerberose following the Samba Collection and (Samba-3 By Exmaple) docuentation, with RedHat AS3, samba 3.0.9, krb5 1.3.1, where 2 KDC's are Windows 2003 and one is Windows 2000, and smb-signing has been turned off,... when a user tries to access a share, they are prompted for a password, and

The cmd 'net ads join -U username' dies with 'Segmentation fault' for our PROD ADS environment, however works fine in our DEV ADS environment! The only [Linux] configuration change between the two environments is update SAMBA and Kerberos config to read 'ADS' vs 'ADSDEV' and change the domain controller FQDN. The /var/kerberos/krb5kdc directory, samba/secrets.tdb

I'm trying to put my Samba Server in AD Win2008, as I did in the past with Win2003. I'm using smbd Version 3.2.5, winbindd Version 3.2.5, MIT Kerberos 1.6.1-1 and ntpdate synchronized with AD, I follow this howto http://wiki.samba.org/index.php/Samba_%26_Active_Directory and this https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto All my tests demonstrate the successful when I