09-29-2004
Samba / FreeBSD member server in MSFT 2003 AD domain
By following the Samba.org how-to's and various finds on groups.google.com I've succeeded in getting a FreeBSD (5.2.1-RELEASE) / Samba-3.0.0,1 server into my MSFT 2003 Active Directory domain as a member server, but there is a little problem I'm having trouble resolving.
Newly created user accounts (read as created after joining the Samba server to the domain) in the AD domain gain access to the Samba shares just fine. However, pre-existing user accounts in the AD domain cannot authenticate to the Samba server properly. They receive an NT_STATUS_LOGON_FAILURE.
#kinit newADuser
receives a kerberos key successfully, and
#wbinfo --authenticate=newADuser%'userspassword'
authenticates successfully in all cases.
There is some mention of having to change the passwords of users after some setup step in order to get things working correctly, which I have tried, but it makes no change. My new AD users work, my old ones don't.
This acts like it's something I need to do on the Microsoft AD side.
Anyone's experience or ideas on where to find more info would be greatly appreciated.
- CCY
idmap_ad
IDMAP_AD(8) System Administration tools IDMAP_AD(8)
NAME
idmap_ad - Samba's idmap_ad Backend for Winbind
DESCRIPTION
The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions. This module
implements only the "idmap" API, and is READONLY. Mappings must be provided in advance by the administrator by adding the
posixAccount/posixGroup classes and relative attribute/value pairs to the user and group objects in the AD.
IDMAP OPTIONS
range = low - high
Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If
specified, any UID or GID stored in AD that falls outside the range is ignored and the corresponding mapping is discarded. It is
intended as a way to avoid accidental UID/GID overlaps between local and remotely defined IDs.
schema_mode = <rfc2307 | sfu >
Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can be either the
RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema.
EXAMPLES
The following example shows how to retrieve idmappings from our principal and trusted AD domains. If trusted domains are present, id
conflicts must be resolved beforehand; there is no guarantee on the order in which conflicting mappings would be resolved at this
point. This example also shows how to leave a small non-conflicting range for local id allocation that may be used in internal
backends like BUILTIN.
    [global]
        idmap backend = tdb
        idmap uid = 1000000-1999999
        idmap gid = 1000000-1999999
        idmap config CORP : backend = ad
        idmap config CORP : range = 1000-999999
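Added example (not part of the Samba manual page): a Python check of the range rules described above. It parses the idmap ranges from an smb.conf, reports any overlap between a domain range and the local allocation range, and lists the AD accounts whose IDs the range filter would discard. The sample configuration mirrors the one above; the account names, uidNumber values and function names are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed smb.conf, modelled on the EXAMPLES section of the manual page.
SAMPLE_CONF = """
[global]
    idmap backend = tdb
    idmap uid = 1000000-1999999
    idmap gid = 1000000-1999999
    idmap config CORP : backend = ad
    idmap config CORP : range = 1000-999999
"""
# Constructed account -> uidNumber values, as an admin might export from AD.
SAMPLE_AD_IDS = {"alice": 1500, "bob": 500, "svc_backup": 1000042}

RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:(uid|gid)|config\s+(\S+)\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.IGNORECASE)

def parse_ranges(conf_text):
    """Map 'local-uid', 'local-gid' and each domain name to its (low, high)."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue
        kind, domain, low, high = m[1], m[2], int(m[3]), int(m[4])
        if low > high:
            raise ValueError(f"inverted range: {line.strip()}")
        ranges[domain.upper() if domain else f"local-{kind.lower()}"] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Pairs of ranges that intersect; local uid vs gid are separate ID spaces."""
    hits = []
    for a, b in combinations(sorted(ranges), 2):
        if a.startswith("local-") and b.startswith("local-"):
            continue
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            hits.append((a, b))
    return hits

def discarded(ad_ids, id_range):
    """Accounts whose ID is outside the range, so idmap_ad drops the mapping."""
    low, high = id_range
    return sorted(n for n, i in ad_ids.items() if not low <= i <= high)

if __name__ == "__main__":
    r = parse_ranges(SAMPLE_CONF)
    print("overlaps:", find_overlaps(r))
    print("discarded for CORP:", discarded(SAMPLE_AD_IDS, r["CORP"]))
```

An account reported as discarded has no mapping from this backend, so its posixAccount attributes in AD or the configured range need correcting before it can be resolved.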
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
Samba 3.5 06/18/2010 IDMAP_AD(8)