LinuxQuestions.org

Linux - Software: https://www.linuxquestions.org/questions/linux-software-2/asking-for-authentication-even-after-getting-authenticated-with-ads-608505/

tanveer 12-22-2007 02:28 AM

Asking for authentication even after getting authenticated with ADS
 
Dear all,

Need some help of all of yours.
I am facing a problem after joining an Ubuntu PC to a Windows Server 2003 domain; it authenticates with the ADS, and there is no problem in that authentication. But after logging in with the AD username and password, it keeps asking me for a password for almost everything: getting access to a shared directory, accessing a shared printer, and after configuring Evolution I can easily synchronize with Exchange Server 2003, but it keeps asking me for the password every time I try to open Evolution, reply to a mail, or even open a new mail; almost for everything.

What I am trying to achieve here is to migrate all my users from Windows to the Linux platform, and as a first step, authenticating Ubuntu 7.10 against Windows AD was successful. But now this authentication problem is getting in the way.

I followed the steps here for authenticating with windows AD:
https://help.ubuntu.com/community/Ac...ryWinbindHowto.

I also posted it in the Ubuntu forum but nobody seems to be interested, or maybe it's a dumb question. The link is below:
http://ubuntuforums.org/showthread.php?t=635967

Here are the steps I followed along with the above tutorial:
Code:

Ubuntu User Authentication through ADS

We have to install all the required packages as follows:

samba
samba-common (installed by default)
smbclient (installed by default)
winbind
openssh-server
openssh-client

Kerberos
krb5-config
krb5-user

Configuration Settings on Ubuntu
Verify Kerberos, LDAP, AD, and Winbind support
You will need to check you have support for Kerberos, LDAP, AD, and Winbind:
# smbd -b | grep LDAP
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_DOMAIN2HOSTLIST
...
# smbd -b | grep KRB
HAVE_KRB5_H
HAVE_ADDRTYPE_IN_KRB5_ADDRESS
HAVE_KRB5
...
# smbd -b | grep ADS
WITH_ADS
WITH_ADS

# smbd -b | grep WINBIND
WITH_WINBIND
WITH_WINBIND
If you're missing any of these options, you need to recompile Samba.

Configure and Test Kerberos
------------------------------
/etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = IMATION.COM

[realms]
 IMATION.COM = {
  kdc = ubuntu.imation.com
  kdc = kubuntu.imation.com
  kdc = edubuntu.imation.com
 }

[domain_realm]
 # map the AD DNS domain (lower case) to the Kerberos realm (upper case)
 .imation.com = IMATION.COM
 imation.com = IMATION.COM

Be sure to use upper case where applicable, as shown above, and when you test the connection with kinit. If you mess up your cases, you will get the error "Cannot find KDC for requested realm while getting initial credentials".

Test the connection with:
# kinit xp@IMATION.COM
Password for xp@IMATION.COM:
Here xp is the admin user with the right to join a PC to AD.

[root@pc-2165 squid]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: xp@IMATION.COM

Valid starting     Expires            Service principal
09/30/07 18:44:17  10/01/07 04:44:27  krbtgt/IMATION.COM@IMATION.COM
        renew until 10/01/07 04:44:17


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


Configure and Test Samba
------------------------
/etc/samba/smb.conf

[global]
        workgroup = IMATION
        realm = IMATION.COM
        server string = Linux Web Server
        security = ADS
        encrypt passwords = yes
        log level = 3
        log file = /var/log/samba/%m
        max log size = 50
        preferred master = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +

[homes]
        comment = Home Directories
        valid users = %S
        read only = yes
        browseable = No

Save your changes and run 'testparm' to check for any syntax errors.
# testparm

# /etc/init.d/smb start
Finally, join your Samba machine to Active Directory:

# net ads join -U xp@IMATION.COM
xp@IMATION.COM's password:
Using short domain name -- IMATION
Joined 'SSO-ADS' to realm 'IMATION.COM'

If this works, shut down Samba and enable winbind (as below). If not, you'll need to do some troubleshooting.
# ntlm_auth --username=<Any AD username>

You should get this output: "NT_STATUS_OK: Success (0x0)"


Enabling Winbind
/etc/nsswitch.conf


passwd:     compat winbind
group:      compat winbind
shadow:     compat

hosts:      files dns wins
networks:   files dns
protocols:  db files
services:   db files
ethers:     db files
rpc:        db files

Save your changes, and fire up winbind and Samba:
# service winbind stop
# /etc/init.d/smb start
# service winbind start
Confirm winbindd is running:
# pgrep winbindd
You can verify winbind is working with:
# wbinfo -u

# wbinfo -g

Modify the PAM settings:


1) /etc/pam.d/common-account should contain only the following lines


account sufficient pam_winbind.so
account required pam_unix.so


2) /etc/pam.d/common-auth should contain only the following lines


auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
auth    required    pam_deny.so

3) Modify the /etc/pam.d/common-password file so the max parameter is set to 50, similar to the one shown below


password required pam_unix.so nullok obscure min=4 max=50 md5


4) Make sure the /etc/pam.d/common-session file contains the following lines

session    required    pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel


5) Make a directory to hold domain user home directories

Note: Use the value you put in the workgroup parameter of /etc/samba/smb.conf

mkdir /home/IMATION

Any help will be greatly appreciated.
Thanks in advance.
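The steps in the post above spread one domain-membership setup across four files that have to agree with each other: the realm in /etc/krb5.conf (upper case, with a [domain_realm] entry that maps the real DNS domain), security = ADS and the same realm in /etc/samba/smb.conf, winbind in the passwd and group lines of /etc/nsswitch.conf, and pam_winbind.so in /etc/pam.d/common-auth. The following linter is an added example, not code from the original post or from the Ubuntu howto it follows; it reads those four fragments and reports the mismatches a practitioner would otherwise chase with kinit and wbinfo one at a time. The sample inputs are constructed inline from the post's values (realm IMATION.COM, workgroup IMATION, the 10000-20000 idmap ranges) so it runs offline, and they deliberately keep the howto's unedited `.kerberos.server` placeholder in [domain_realm] so that check fires. One check goes beyond the post and is an assumption: it expects pam_winbind.so to carry the `krb5_auth` option (with `krb5_ccache_type=FILE`), because without it a domain login is verified over NTLM and leaves no Kerberos ticket cache, so Kerberos-aware clients have to ask for the password again.

```python
"""Consistency checks for the krb5.conf, smb.conf, nsswitch.conf and PAM
fragments used to join an Ubuntu host to AD.  Added example, not from the
original post; the sample inputs below are constructed from the post's values."""
import re

KRB5_CONF = """\
[libdefaults]
 default_realm = IMATION.COM
[realms]
 IMATION.COM = {
  kdc = ubuntu.imation.com
 }
[domain_realm]
 .kerberos.server = IMATION.COM
"""
SMB_CONF = """\
[global]
        workgroup = IMATION
        realm = IMATION.COM
        security = ADS
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
"""
NSSWITCH_CONF = "passwd: compat winbind\ngroup:  compat winbind\nshadow: compat\n"
COMMON_AUTH = """\
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
"""


def parse_ini(text):
    """Parse krb5.conf/smb.conf text into {section: {key: value}}; a krb5
    'NAME = {' block is flattened to 'NAME/key' so realm names keep their case."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = line[1:-1].strip().lower(), None
            conf.setdefault(section, {})
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = key
            else:
                conf[section][f"{block}/{key.lower()}" if block else key.lower()] = value
    return conf


def lint(krb5_text, smb_text, nss_text, auth_text):
    """Return a list of findings; an empty list means the four fragments agree."""
    out, krb5, smb = [], parse_ini(krb5_text), parse_ini(smb_text)
    realm = krb5.get("libdefaults", {}).get("default_realm", "")
    if not realm or realm != realm.upper():
        out.append(f"krb5.conf: default_realm {realm!r} missing or not upper case "
                   "(kinit: 'Cannot find KDC for requested realm')")
    if realm and f"{realm}/kdc" not in krb5.get("realms", {}):
        out.append(f"krb5.conf: no kdc listed for realm {realm}")
    # Assumption: the AD DNS domain is the realm in lower case, so [domain_realm]
    # must map that domain (not a leftover placeholder) to the realm.
    dns_domain, dr = realm.lower(), krb5.get("domain_realm", {})
    if realm and dr.get("." + dns_domain) != realm:
        out.append(f"krb5.conf: [domain_realm] must map .{dns_domain} to {realm}; "
                   f"found {sorted(dr)}")
    g = smb.get("global", {})
    if g.get("security", "").lower() != "ads":
        out.append("smb.conf: security must be ADS for Kerberos domain membership")
    if g.get("realm") != realm or not g.get("workgroup"):
        out.append(f"smb.conf: realm {g.get('realm')!r} must equal {realm!r} and "
                   "workgroup (short domain name) must be set")
    for key in ("idmap uid", "idmap gid"):
        m = re.fullmatch(r"(\d+)-(\d+)", g.get(key, ""))
        if not m or not 1000 <= int(m[1]) < int(m[2]):
            out.append(f"smb.conf: {key} must be LOW-HIGH with LOW >= 1000 "
                       "(no overlap with local accounts) and LOW < HIGH")
    nss = {}
    for line in nss_text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            db, sources = line.split(":", 1)
            nss[db.strip()] = sources.split()
    for db in ("passwd", "group"):
        if "winbind" not in nss.get(db, []):
            out.append(f"nsswitch.conf: {db} does not consult winbind")
    rules = [l.split() for l in auth_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#") and len(l.split()) >= 3]
    modules = [r[2] for r in rules]
    if "pam_winbind.so" not in modules:
        out.append("common-auth: pam_winbind.so missing, domain passwords never checked")
    else:
        # Assumption beyond the post: pam_winbind's krb5_auth option; without it the
        # login is NTLM-only and leaves no ticket cache for Kerberos-aware clients.
        if "krb5_auth" not in rules[modules.index("pam_winbind.so")][3:]:
            out.append("common-auth: pam_winbind.so lacks krb5_auth, so a domain login "
                       "leaves no Kerberos ticket cache and clients re-prompt")
        if "pam_unix.so" in modules and not {"use_first_pass", "try_first_pass"} & set(
                rules[modules.index("pam_unix.so")][3:]):
            out.append("common-auth: pam_unix.so without use_first_pass prompts again")
    return out


if __name__ == "__main__":
    print("\n".join(lint(KRB5_CONF, SMB_CONF, NSSWITCH_CONF, COMMON_AUTH)) or "ok")
```

To use it on a real host, replace the four constants with the contents of the files named in the post. On the constructed sample it reports exactly two findings: the [domain_realm] placeholder that maps nothing, and pam_winbind.so running without krb5_auth; both disappear once `.kerberos.server` becomes `.imation.com` and the pam_winbind.so line gains `krb5_auth krb5_ccache_type=FILE`.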

tanveer 12-23-2007 09:02 PM

Hi,
One more thing: is LDAP required to overcome this problem?

I have no idea how this post came into the Software section. As far as I remember, I definitely posted it in the Networking section.

