Hi, From last few months I have been struggling with samba authentication using win2003 Active Directory. Recently I have joined new company and they have one of their Ubuntu server problem in authenticating users from AD. I really appreciate if you can help me out with this. I have Samba version : 3.0.22 Ubuntu version : 6.10 samba config: netbios name = fs workgroup = MYGROUP server string = %h server (Samba, Ubuntu) wins support = yes wins server = ad.mydomain dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d security = ads realm = mydomain.com guest ok = no admin users = MYDOMAIN\mitch encrypt passwords = true obey pam restrictions = yes invalid users = root unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . pam password change = yes load printers = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = no prefered master = no local master = no idmap domains = ALLDOMAINS idmap config ALLDOMAINS:backend = ad idmap config ALLDOMAINS:range = 10000 - 300000000 idmap config ALLDOMAINS:default = yes idmap config ALLDOMAINS:schema_mode = sfu template shell = T/bin/bash template homedir = T/home/%U winbind nss info = sfu winbind use default domain = yes [homes] comment = Home Directories path = /mt/user/%S browseable = no writable = yes create mask = 0775 hide dot files = yes directory mask = 0775 [mt] comment = MyShare path = /mt browseable = yes writable = yes create mask = 0775 hide dot files = yes directory mask = 0775 Krb5.conf [libdefaults] default_realm = MYDOMAIN.COM [realms] MYDOMAIN.COM = { kdc = ad.mydomain admin_server = ad.mydomain default_domain = MD } [domain_realm] .mydomain.com = MYDOMAIN.COM .md = MYDOMAIN.COM .domain = MYDOMAIN.COM /etc/pam.d/common-account account sufficient pam_winbind.so account sufficient pam_unix.so /etc/pam.d/common-auth auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass nullok_secure /etc/pam.d/common-password password sufficient pam_unix.so nullok obscure min=4 max=8 md5 password sufficient pam_winbind.so try_first_pass How can I confirm that my active directory has KDC installed and in order to work above configuration what Packages I should have in my Ubuntu Machine. Because I have installled following packages: root@intra:/etc/pam.d# dpkg --get-selections | grep samba gsambad install samba install samba-common install samba-doc install xffm4-samba install root@intra:/etc/pam.d# dpkg --get-selections | grep winbind winbind install root@intra:/etc/pam.d# dpkg --get-selections | grep krb krb5-config deinstall libkrb5-dev install libkrb53 install I really appreciate if you can email me your response as tht would be the best way to get updates. [email protected] Thanks in Advance: Regards, Anis Momin
