> -----Original Message----- > From: José Alberto Patiño Limón [mailto:jalbertop@;aranea.com.mx] > Sent: Wednesday, November 13, 2002 6:43 PM > To: ZINKEVICIUS,MATT " "(HP-Loveland,ex1) > Cc: [EMAIL PROTECTED] > Subject: RE: Unable to authenticate with security=ADS > > > Ok. Well I had the same problem when I was starting to setup > SAMBA 3.0. > But I dont remember what I did to fix it. > > I remeber that the main problem that I had was with the > nss_ldap module, > remember that you need to have the passwd and group info available to > the samba daemon. I have 2 setups to get this info from > Active Directory > and OpenLDAP. But you must be certain at least that you have > a entry in > the /etc/passwd to get the uid data for the W2K user that you > are using > to share the storage in Samba.
I need a local unix account for every user that can authenticate via ADS? I want to use ADS for authentication, not local unix accounts. That's the whole point. The error looks like a problem in ticket handling anyway, so I don't think this has to do with not being able to find a local account to verify against. sigh... I guess I'll go read the active directory code now. > Just to be sure, I assume that you /etc/krb5.conf is configured to see > the kerberos "realm" for Active Directory. Yep. My krb5.conf is attached to the original email if you want to look at it. > I think that the klist tickets command is supposed to be tested in the > W2K machine and noy in the unix box. My W2K box doesn't seem to have klist installed (At least not in my path) --Matt