Hi all, thanks for your responses. It's now over a week later and i've re-installed to make sure it's not a RedHat magical if-you-don't-install-it-at-install-time-you-don't-get-the-right-config-files-setup issue. It's still not working, but i've found a new wall to bang my head against and its name is Kerberos.
i may be back :)

m.

-----Original Message-----
From: mikee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 6 June 2007 4:13 AM
To: Michael Cleghorn
Subject: Re: [Samba] AD Integrated authentication

On Mon, 28 May 2007, Michael Cleghorn might have said:

> Hello list,
>
> i'm going to try very hard not to rant here, but i've been trying to get Samba working for 3 days, and it's just not happening. Let me start from the beginning. i'm just a lowly Windows admin but i've been doing this for 10 years, so i'm pretty sure i know what i'm doing (present situation excepted, clearly). i've got RedHat AS4 and a primarily Windows 2000 domain. i want to be able to transparently browse to the shares on the RH server from a Windows client without having to authenticate again, which is exactly what the AD integrated authentication is for, right?
>
> If i do "wbinfo -u" i get a list of AD objects, but without the AD domain name prepended which is my first clue that something isn't right. If i do "wbinfo -a username%password" both plaintext and challenge response authentication work. If i do "getent passwd" i get only local usernames. Same for "getent group" except i get local groups, obviously. From everything i've read in the man pages and god only knows how many online troubleshooting and/or help docs, this just doesn't happen. Everything that mentions using wbinfo and getent for testing just says "and you can try this and oh, look it works". i'm paraphrasing slightly.
>
> i have joined the RH server to the domain. i can get a Kerberos ticket issued if i want one. i have been through smb.conf, nsswitch.conf and /etc/pam.d so often, i no longer remember what my originals looked like. i'm happy to post excerpts from any or all of these if they will help (i'm not going to do it now in case 1 - it's an easy fix, in which case i'm not sure if i'll laugh or cry and 2 - to keep things relatively short). The logs have been less than ideally helpful since i already know that authentication isn't working... somewhere.
>
> Can someone help? Please?

I authenticate my users with OpenLDAP on my Fedora Core box. The FC box uses samba and samba does authenticate the remote share access. Below is a snippet of my current configuration.

Mike

[global]
    security = USER
    client plaintext auth = Yes
    client lanman auth = Yes
    encrypt passwords = Yes
    lanman auth = No
    ntlm auth = Yes
    password level = 0
    guest account = nobody
    admin users =
    hosts allow = .pointwise.com, 10.1.2., 10.1.3., 192.168.100.
    cups options = raw
    wins support = yes
    name resolve order = wins lmhosts host bcast
    dns proxy = no
    usershare allow guests = yes
    time server = yes
    workgroup = XXXX
    netbios aliases = loghost, mailhost, backuphost, ldaphost
    server string = Samba Server (%h)
    logon drive = L:
    logon home = \\%N\%U
    logon path = \\%N\%U\profile
    logon script = /etc/samba/login.bat
    ldap delete dn = Yes
    ldap suffix = dc=pointwise,dc=com
    ldap admin dn = cn=manager,dc=pointwise,dc=com
    ldap user suffix = ou=people
    ldap group suffix = ou=groups
    ldap machine suffix = ou=machines
    ldap ssl = off
    ldapsam:trusted = Yes
    ldap timeout = 15
    utmp directory = /var/run
    wtmp directory = /var/log
    utmp = Yes
    password server = ldaphost.pointwise.com
    passdb backend = ldapsam:ldap://ldaphost.pointwise.com
    ldap passwd sync = Yes
    #unix password sync = Yes
    #passwd program = /usr/sbin/smbldap-passwd %u
    #passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n"
    #passwd chat debug = Yes
    os level = 66
    preferred master = Yes
    local master = Yes
    domain master = Yes
    domain logons = Yes
    allow trusted domains = Yes
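
An added example, not part of the original thread and not code from either poster: a small Python check that parses the [global] section of an smb.conf and flags the authentication and transport settings, as they appear in the configuration above, that weaken credential protection. The sample text is constructed from lines of that configuration; the function names and the wording of each finding are assumptions of this example.

```python
import re

# Constructed sample: auth/transport lines copied from the [global] section above.
SAMPLE = """\
[global]
    client plaintext auth = Yes
    client lanman auth = Yes
    lanman auth = No
    ntlm auth = Yes
    ldap ssl = off
    #unix password sync = Yes
"""

TRUE = {"yes", "true", "on", "1"}  # spellings Samba accepts for a boolean "yes"

# (parameter, test on the lower-cased value, why a reviewer should look at it)
CHECKS = [
    ("client plaintext auth", lambda v: v in TRUE,
     "Samba clients may send cleartext passwords to a server that asks"),
    ("client lanman auth", lambda v: v in TRUE,
     "Samba clients may answer with the weak LANMAN hash"),
    ("lanman auth", lambda v: v in TRUE,
     "smbd accepts LANMAN responses"),
    ("ntlm auth", lambda v: v in TRUE,
     "smbd accepts NTLMv1 responses"),
    ("ldap ssl", lambda v: v == "off",
     "LDAP binds and password attributes cross the network unencrypted"),
]

def parse_section(text, section="global"):
    """Return {parameter: value} for one section; names are case/space-folded."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """List (parameter, value, reason) for each weak setting that is active."""
    params = parse_section(text)
    return [(name, params[name], why) for name, pred, why in CHECKS
            if name in params and pred(params[name].lower())]
```

Calling `audit()` on the text of a real smb.conf returns one tuple per active weak setting; commented-out lines and parameters in other sections are ignored.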