Hi,

First, sorry if this is a bit long. I've been working on this for a few days and it is not working. I think that I am pretty close to a solution but I don't know what to do next. I posted this on the Samba list a few days ago but got not answers so I'm trying here.

What I want to do: I want to join my Linux box in my Windows domain so that the share on the Linux box will be accessible from our windows machines using our Windows logons. Simple, no?

But I'm having problems finding what is wrong with my setup. Running Samba 3.0.10-1.4E.6 on CentOS 4.3. PDC is AD on Windows 2003.

Samba and winbind services are running.

My smb.conf file:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/05/30 10:52:16

# Global parameters
[global]
workgroup = MONTREAL
realm = CASTORTECH.COM
interfaces = eth0
security = ADS
password server = castor-srvr1
wins server = 192.168.64.20

[Main]
comment = Test
path = /
guest ok = yes
writeable = yes

I was able to join the domain with net ads join. I see the Linux box in AD. I also see it in my Network Places on Windows and the share called Main but it asks for a user/password when I try to access it and it doesn't work.

If I run net ads testjoin:
Join is OK

If I run net ads info:
LDAP server: 192.168.64.20
LDAP server name: castor-srvr1
Realm: CASTORTECH.COM
Bind Path: dc=CASTORTECH,dc=COM
LDAP port: 389
Server time: Fri, 02 Jun 2006 14:04:26 GMT KDC server: 192.168.64.20 Server time offset: -947

If I run net ads lookup:
Information for Domain Controller: castor-srvr1

Response Type: SAMLOGON
GUID: e7508a6a-4561-4440-b45c-9fd246d4c93c
Flags:
Is a PDC: yes
Is a GC of the forest: yes
Is an LDAP server: yes
Supports DS: yes
Is running a KDC: yes
Is running time services: yes
Is the closest DC: yes
Is writable: yes
Has a hardware clock: no
Is a non-domain NC serviced by LDAP server: no
Forest: castortech.com
Domain: castortech.com
Domain Controller: castor-srvr1.castortech.com
Pre-Win2k Domain: MONTREAL
Pre-Win2k Hostname: CASTOR-SRVR1
Site Name: Default-First-Site-Name
Site Name (2): Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff

Net ads user also return a list of the domain's users.

Wbinfo -u and -g return a list of the domain's users and groups.

But if I run wbinfo -a simon%bvhdohgo I get:
plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc0000064) error messsage was: No such user Could not authenticate user simon%bvhdohgo with plaintext password challenge/response password authentication succeeded

I also tried with administrator but I got the same result.

But I ran wbinfo --set-auth-user=administrator%pass and get MONTREAL\administrator%pass if I run wbinfo --get-auth-user. So it is able to get the domain info. I don't get it.

And of course, getent passwd returns the local users, not the one from the domain.

Passwd, shadow and group are set as files winbind in /etc/nsswitch.conf.

Any idea what is wrong and what should I check next?

I'm getting desperate...

Thanks!
Simon

I have written a small tutorial over at the arch wiki. I believe that the problem lies in the users (you don't have any "approved" users defined) and possibly that you don't have passwords encrypted (or so it would seem to me). Check out my walkthrough here:http://wiki.archlinux.org/index.php/Setting_up_Samba


Should you need some more help I will do my best

!EDIT! Although it is probably painfully obvious - ignore the first part about installing Samba through pacman

Thanks for the reply and the link.

Unfortunaley, your walkthrough is not what I want to do. I want to use AD to authenticate, not the local Samba users.

I forgot to put encrypt passwords! Thanks for reminding me. Still didn't work tho.

Sorry about that - admittedly I didn't read the complete thing. Not sure I can help with getting AD to do the authentication though - never much needed it...