I’m hoping someone can give me a clue what I am doing wrong here,
Running Etch (AMD64), I followed the samba wiki at:
http://wiki.samba.org/index.php/Samb...#Prerequisites.
I get mostly good results, except when I try to run ‘getent passwd’ or
‘getent group’ only local users/groups are listed.

I was able to join the domain: net ads join –U admin_user
The system shows up in AD under computers on the PDC.
Afterwards if I do wbinfo –u, wbinfo –g, wbinfo –p, wbinfo –t, wbinfo –a
ad_user%password - All of those appear to work correctly.

This however seems somewhat fishy, it says “Active Directory: No”:

‘wbinfo -D domain.com’
Name : DOMAIN
Alt_Name : DOMAIN.COM
SID : S-XXXXXXXXXXXXXXXXXXXXXX
Active Directory : No
Native : No
Primary : Yes
Sequence : 2008

My nsswitch.conf looks correct:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns wins

Anyone have some idea of what I am doing wrong? Or where I should start
looking? The log info for Winbind looks acceptable with no blatant errors as
far as I can tell.

-Jeff

On Fri, 2007-04-27 at 09:25 -0700, Jeff Thurston wrote:
> I’m hoping someone can give me a clue what I am doing wrong here,
> Running Etch (AMD64), I followed the samba wiki at:
> http://wiki.samba.org/index.php/Samb...#Prerequisites.
> I get mostly good results, except when I try to run ‘getent passwd’ or
> ‘getent group’ only local users/groups are listed.
>
> I was able to join the domain: net ads join –U admin_user
> The system shows up in AD under computers on the PDC.
> Afterwards if I do wbinfo –u, wbinfo –g, wbinfo –p, wbinfo –t, wbinfo –a
> ad_user%password - All of those appear to work correctly.
>
> This however seems somewhat fishy, it says “Active Directory: No�:
>
> ‘wbinfo -D domain.com’
> Name : DOMAIN
> Alt_Name : DOMAIN.COM
> SID : S-XXXXXXXXXXXXXXXXXXXXXX
> Active Directory : No
> Native : No
> Primary : Yes
> Sequence : 2008
>
> My nsswitch.conf looks correct:
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> hosts: files dns wins
>
> Anyone have some idea of what I am doing wrong? Or where I should start
> looking? The log info for Winbind looks acceptable with no blatant errorsas
> far as I can tell.

You are missing the kerberos setup. It is hard to e-mail advice, but you
need to get a proper ticket issues for the admin user (in AD that is) as
the admin user for samba and then join it.

Kerberos is not for the faint of heart.
--
greg, greg@gregfolkert.net

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBGMj9T7WZpcbUkaHwRAryKAJ95Yhv0gZrAwuUA6OffqJ O3XEAXuQCggbPH
cTN73rB6uJA0lO4U36Oveb0=
=khcJ
-----END PGP SIGNATURE-----

I am assuming there is more to it than just configuring krb5.conf?
When I run kinit -V username it tells me "Authenticated to Kerberos v5"

Can you recommend where to start reading up on how to go about issuing a
ticket on the AD server? You would think that all of the howto docs out
there would mention this step.

Thanks Greg,

-Jeff.

-----Original Message-----
From: Greg Folkert [mailto:greg@gregfolkert.net]
Sent: Friday, April 27, 2007 11:22 AM
To: debian-user@lists.debian.org
Subject: Re: Joining an Etch AMD64 Samba server to an existing
Windows2003Domain

On Fri, 2007-04-27 at 09:25 -0700, Jeff Thurston wrote:
> I'm hoping someone can give me a clue what I am doing wrong here,
> Running Etch (AMD64), I followed the samba wiki at:
> http://wiki.samba.org/index.php/Samb...#Prerequisites.
> I get mostly good results, except when I try to run 'getent passwd' or
> 'getent group' only local users/groups are listed.
>
> I was able to join the domain: net ads join -U admin_user
> The system shows up in AD under computers on the PDC.
> Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
> ad_user%password - All of those appear to work correctly.
>
> This however seems somewhat fishy, it says "Active Directory: No":
>
> 'wbinfo -D domain.com'
> Name : DOMAIN
> Alt_Name : DOMAIN.COM
> SID : S-XXXXXXXXXXXXXXXXXXXXXX
> Active Directory : No
> Native : No
> Primary : Yes
> Sequence : 2008
>
> My nsswitch.conf looks correct:
> passwd: files winbind
> shadow: files winbind
> group: files winbind
> hosts: files dns wins
>
> Anyone have some idea of what I am doing wrong? Or where I should start
> looking? The log info for Winbind looks acceptable with no blatant errors
as
> far as I can tell.

You are missing the kerberos setup. It is hard to e-mail advice, but you
need to get a proper ticket issues for the admin user (in AD that is) as
the admin user for samba and then join it.

Kerberos is not for the faint of heart.
--
greg, greg@gregfolkert.net

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org