Leon Stringer wrote:
I'm still struggling with this if anyone can help.

I'm backtracking through the HOWTO and realised that I hadn't created
a machine trust account.

So I've done:
 # groupadd machines
 # /usr/sbin/useradd -g machines -d /var/lib/nobody -c "Test Server" -s /bin/false server1
 # passwd -l server1
 Locking password for user server1.
 # smbpasswd -a -m server1
 Failed to modify password entry for user server1$

Please can anyone tell me why this last step fails?

Those commands are for working with an NT4 domain. They're of no use if you're trying to join samba to an AD domain.

From: Leon Stringer <[EMAIL PROTECTED]>
Date: 2008/06/17 Tue AM 11:13:14 GMT
To: <samba@lists.samba.org>
Subject: [Samba] Accessing member server prompts for credentials

Hi,

I'm trying to join a server as an AD member but it isn't working.

I do:

 kinit [EMAIL PROTECTED]

which prompts for the password and displays nothing else. Then I do:

 net ads join -U Administrator%XXXXX

which returns:

 Using short domain name -- DOMAIN1
 Joined 'SERVER1' to realm 'DOMAIN1.CO.UK'

So all looks OK, but when I try to browse the shares on \\server1
from another domain member I'm prompted for a username and password. Any valid 
domain credentials are rejected.

The log file for the IP address for the computer I'm trying to connect
from says:

 [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
   Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

log.smbd says:
 [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_administrators(792)
   create_builtin_administrators: Failed to create Administrators
 [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758)
   create_builtin_users: Failed to create Users

smb.conf says:
 [global]
        workgroup = DOMAIN1
        realm = DOMAIN1.CO.UK
        security = ADS

Samba 3.0.30 on Fedora 8.

Can anyone tell me where I'm going wrong?



Actually, it all looks good so far, but you need a little more setup so samba can authenticate accounts against AD.

Do you have winbindd running?
What does 'wbinfo -t' tell you?
Do you have the winbind sections in smb.conf configured correctly?
Can you get a list of AD accounts with 'wbinfo -u'?
Did you configure nsswitch.conf correctly?
If 'id "DOMAIN\user"' returns useful info about the user, your machine is authenticating with AD correctly. Also, ntpd needs to sync the time very closely with the domain. 'date ; net time -w DOMAIN' should show times that are within seconds of each other.


Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the HOWTO that mentions NT4 or PDC or BDC configuration is not for your situation.


--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203
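
The checklist in the reply above, gathered into one script as an added example (not part of the original thread and not Samba's own tooling). The function names are hypothetical, `pgrep` is assumed to be installed, and `DOMAIN1\someuser` is a placeholder account.

```shell
#!/bin/sh
# Added example: runs the winbind checks listed in the reply above.
# Function names are hypothetical; the commands are the ones named in the thread
# (plus pgrep, assumed to be installed, to see whether winbindd is running).

# Return 0 if database $1 (passwd, group) in nsswitch file $2 lists winbind.
nss_has_winbind() {
    awk -v db="$1" '
        { sub(/#.*/, ""); sub(/:/, ": ") }        # drop comments, split "db:src"
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "${2:-/etc/nsswitch.conf}"
}

# Run a command quietly and report PASS/FAIL; returns the command's success.
check() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "PASS  $label"
    else
        echo "FAIL  $label"; return 1
    fi
}

# usage: ad_member_checks 'DOMAIN1\someuser' DOMAIN1   (both values are placeholders)
ad_member_checks() {
    user=$1; domain=$2; rc=0
    check "winbindd is running"              pgrep -x winbindd      || rc=1
    check "wbinfo -t (machine trust secret)" wbinfo -t              || rc=1
    check "wbinfo -u (list AD accounts)"     wbinfo -u              || rc=1
    check "nsswitch.conf passwd -> winbind"  nss_has_winbind passwd || rc=1
    check "nsswitch.conf group -> winbind"   nss_has_winbind group  || rc=1
    check "id $user"                         id "$user"             || rc=1
    # Clock comparison exactly as suggested in the reply; compare by eye.
    date; net time -w "$domain"
    return $rc
}
```

Source the file and call `ad_member_checks` on the member server as root; the first FAIL line shows which step of the checklist to revisit.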

