PDA

View Full Version : Samba/Winbind just stops authenticating to AD

GrammatonCleric
February 10th, 2007, 05:22 AM
I have a Dell 2950 server with Ubuntu 6.06 server installed on it. Everything is running fine with the exception of Samba/Winbind interacting with a Windows Active Directory in the mixed mode. The server in question has been joined to the AD and works...for a time. Eventually, not sure why, the server just stops authenticating against the AD. If I restart the server's winbind service AD authentication returns. I can't seem to find anything in the logs that points to the issue . Any ideas as to what is causing the server to stop authenticating would be most welcome!


-GC
elst
February 10th, 2007, 04:17 PM
Read up a bit on the Kerberos client utilities (kinit etc.), and the next time that it stops working try some diagnostics with those. It may also be worth checking:

a) Process activity (with top).
b) The Windows server (Event Viewer etc.)

Since this is tricky to troubleshoot, try asking on IRC and you may be able to find someone that can work through the issue with you.
tstrowd
February 11th, 2007, 08:54 PM
So you have Ubuntu clients authenicating to active directory? If so how did you do that in the first place. I have been trying to do that for a while but never got any answers.
localzuk
February 11th, 2007, 10:07 PM
It is in the wiki - Search for ActiveDirectory on wiki.ubuntu.com
GrammatonCleric
February 12th, 2007, 01:09 AM
So you have Ubuntu clients authenicating to active directory? If so how did you do that in the first place. I have been trying to do that for a while but never got any answers.

I actually followed the following post....

http://www.ubuntuforums.org/archive/index.php/t-91510.html

...and tweaking it for my AD. Also for each share in your smb.conf the way you add the user groups is as follows....


[public]
comment = Public Share
path = /home/DOMAIN/Public
valid users = @"DOMAIN+Domain Admins", @"DOMAIN+U_GROUP_FOO"
admin users = @"DOMAIN+Domain Admins", @"DOMAIN+U_GROUP_FOO"
create mask = 0700
inherit acls = yes
inherit permissions = yes
create mask = 0700
directory mask = 0700
writeable = yes


or another way to specify the user groups per share is....



[public]
comment = Public Share
path = /home/DOMAIN/Public
admin users = @"Domain Admins"
valid users = @"Domain Users"
create mask = 0700
directory mask = 0700
inherit acls = yes
inherit permissions = yes
writable = yes


-GC