RE: Joining an Etch AMD64 Samba server to an existing Windows2003Domain
I am assuming there is more to it than just configuring krb5.conf?
When I run kinit -V username it tells me "Authenticated to Kerberos v5"
Can you recommend where to start reading up on how to go about issuing a
ticket on the AD server? You would think that all of the howto docs out
there would mention this step.
Thanks Greg,
-Jeff.
-----Original Message-----
From: Greg Folkert [mailto:greg@gregfolkert.net]
Sent: Friday, April 27, 2007 11:22 AM
To: debian-user@lists.debian.org
Subject: Re: Joining an Etch AMD64 Samba server to an existing
Windows2003Domain
On Fri, 2007-04-27 at 09:25 -0700, Jeff Thurston wrote:
> I'm hoping someone can give me a clue what I am doing wrong here,
> Running Etch (AMD64), I followed the samba wiki at:
> http://wiki.samba.org/index.php/Samba_&_Active_Directory#Prerequisites.
> I get mostly good results, except when I try to run 'getent passwd' or
> 'getent group' only local users/groups are listed.
>
> I was able to join the domain: net ads join -U admin_user
> The system shows up in AD under computers on the PDC.
> Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
> ad_user%password - All of those appear to work correctly.
>
> This however seems somewhat fishy, it says "Active Directory: No":
>
> 'wbinfo -D domain.com'
> Name : DOMAIN
> Alt_Name : DOMAIN.COM
> SID : S-XXXXXXXXXXXXXXXXXXXXXX
> Active Directory : No
> Native : No
> Primary : Yes
> Sequence : 2008
>
> My nsswitch.conf looks correct:
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> hosts: files dns wins
>
> Anyone have some idea of what I am doing wrong? Or where I should start
> looking? The log info for Winbind looks acceptable with no blatant errors
> as far as I can tell.
You are missing the Kerberos setup. It is hard to e-mail advice, but you
need to get a proper ticket issued for the admin user (in AD that is) as
the admin user for samba and then join it.
Kerberos is not for the faint of heart.
--
greg, greg@gregfolkert.net
Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup