RE: Joining an Etch AMD64 Samba server to an existing Windows2003Domain
- From: "Jeff Thurston" <jthurston@xxxxxxxxxxxxxxx>
- Date: Fri, 27 Apr 2007 13:30:13 -0700
I am assuming there is more to it than just configuring krb5.conf?
When I run kinit -V username it tells me "Authenticated to Kerberos v5"
Can you recommend where to start reading up on how to go about issuing a
ticket on the AD server? You would think that all of the howto docs out
there would mention this step.
Thanks Greg,
-Jeff.
-----Original Message-----
From: Greg Folkert [mailto:greg@xxxxxxxxxxxxxxx]
Sent: Friday, April 27, 2007 11:22 AM
To: debian-user@xxxxxxxxxxxxxxxx
Subject: Re: Joining an Etch AMD64 Samba server to an existing
Windows2003Domain
On Fri, 2007-04-27 at 09:25 -0700, Jeff Thurston wrote:
I'm hoping someone can give me a clue what I am doing wrong here,as
Running Etch (AMD64), I followed the samba wiki at:
http://wiki.samba.org/index.php/Samba_&_Active_Directory#Prerequisites.
I get mostly good results, except when I try to run 'getent passwd' or
'getent group' only local users/groups are listed.
I was able to join the domain: net ads join -U admin_user
The system shows up in AD under computers on the PDC.
Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
ad_user%password - All of those appear to work correctly.
This however seems somewhat fishy, it says "Active Directory: No":
'wbinfo -D domain.com'
Name : DOMAIN
Alt_Name : DOMAIN.COM
SID : S-XXXXXXXXXXXXXXXXXXXXXX
Active Directory : No
Native : No
Primary : Yes
Sequence : 2008
My nsswitch.conf looks correct:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns wins
Anyone have some idea of what I am doing wrong? Or where I should start
looking? The log info for Winbind looks acceptable with no blatant errors
far as I can tell.
You are missing the kerberos setup. It is hard to e-mail advice, but you
need to get a proper ticket issues for the admin user (in AD that is) as
the admin user for samba and then join it.
Kerberos is not for the faint of heart.
--
greg, greg@xxxxxxxxxxxxxxx
Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- References:
- Re: Joining an Etch AMD64 Samba server to an existing Windows2003 Domain
- From: Greg Folkert
- Re: Joining an Etch AMD64 Samba server to an existing Windows2003 Domain
- Prev by Date: Re: Can't mount pen drive (SOLVED -- Sort of)
- Next by Date: Re: sysinfo -ram
- Previous by thread: Re: Joining an Etch AMD64 Samba server to an existing Windows2003 Domain
- Next by thread: How to change Iceweasel reported browser
- Index(es):
Relevant Pages
|
|
