were you able to resolve the problem and not get lock out again?
were you able to resolve the problem and not get lock out again?
Thanks to everyone who has contributed to this thread. I've followed the instructions and have managed to set up a (mostly) working samba file share using my Windows 2003 Active Directory to authenticate users.
The only problem I still have is that when users create files on the share, the username that they are created under is always listed as 'root', instead of their actual username. This seems to be resulting in some files being not writable by the same user that created them.
All of the users who have access to the smb share are members of the same AD Group 'HCLOffice', and any file created by a member of that group should be readable and writable by other members of the group.
The relevant section of my smb.conf file is as follows:
Code:[GIS] path = /shared/GIS comment = GIS Data browseable = yes writable = yes ; public = yes valid users = @"HATCON/Domain Users" admin users = @"HATCON/HCLOffice" read list @"HATCON/Domain Users" write list = @"HATCON/Domain Users"
If anyone has any suggestions about how I should change this section, I would be eternally grateful!
Yes. I was playing with the common-auth (commenting things out do to issues I thought were related to PAM) and suddenly after a reboot, I couldn't sign on. So I booted up with the system rescue cd and changed everything back. Voila! I was able to sign back on.
got it fixed... does the order of lines make a differnece?
Last edited by ziggie216; May 24th, 2007 at 09:18 AM.
whew....I started as a total linux/ubuntu noob to connecting to AD
Everything went fine.
I can see my server in Network Places except I have domain and domain.org listed where domain contains all my Windows machines and domain.org which contains samba. It prompts for a login but nothing works
I've tried:
user
domain\user
host\user
user@domain.org
local\root
local\localuser
I changed the winbind from + to \ and tried all the above
can't get'er logged in
I can see my server in ADUC.
btw.....SBS2003 as my PDC
trying to connect Fiesty on an ooooold compaq proliant so no gnome gui
do I even need to connect samba to AD in order to use this as a simple print server? I already have CUPS configured. I just want to be able to use hte printer directory in XP to pick a printer.
Last edited by eveljkov; June 14th, 2007 at 01:11 AM.
does anyone know if the domain functional level in 2003 server has to be left at default "2000 mixed" mode? i am running "2003 mode" as all my servers are 2003. anyone that has successfully joined their ubu svr can you check your level in 2k3 server? (goto admin tools --> active directory domains and trusts --> right click domain name and click on "raise functional level and it tell you current mode and give upgrade options)
i am getting an error when i try to add the ubu server in step 8 "Join the system to the; net ads join -U domainadminuser@DOMAIN.INTERNAL"
i get error:
" sudo net ads join -U admin@DOMAIN.INTERN
Password:
admin@IDOMAIN.INTERN's password:
Using short domain name -- DOMAIN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'UBUSVR1' in realm 'DOMAIN.INTERN'
i look on the AD server and find the computer name for the ubu server and it is indeed DISABLED. i enable, and then run the command again from ubu svr to add and AD disabled again.
obviously its something on the micro$haft side in AD disabling the account. off the top of my head i would think it is perhaps because i am running in 2003 mode instead of mixed mode for compatibility with 2k and NT servers...
any thoughts?
thanks!
ok figure out my problem.
DNS on the w2k3 machines didnt have any A or PTR for the ubu machine, even though DHCP on a w2k3 machine handed it out (and we have DNS set to update both secure and nonsecure, woudl figure it would have entered it in when DHCP gave out the address)
EDIT: Didn't enable the correct repository. Disregard my post below ...
Hey this is going to sound goofy but I followed the guide for installing the Kerberos portion last week on a test box and now repeating the same process today to move into production, I'm not able to get the krb5-user package installed.
I have allowed the universe and multiverse in /etc/apt/sources.list but when I attempt the install with sudo apt-get install krb5-user I get this :
bensode@samba1:~$ sudo apt-get install krb5-user
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
Since you only requested a single operation it is extremely likely thatEDIT: Didn't enable the correct repository. Disregard my post below ...
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
krb5-user: Depends: libkrb53 (= 1.4.3-5) but 1.4.3-5ubuntu0.3 is to be installed
Depends: libkadm55 (= 1.4.3-5) but 1.4.3-5ubuntu0.3 is to be installed
E: Broken packages
EDIT: Didn't enable the correct repository. Disregard my post aboce ...
Last edited by bensode; June 25th, 2007 at 07:16 PM. Reason: Found my own mistake
I just wanted to post to let everyone know that I just finished a VMWare test of the AD/Ubuntu integration. I created a Windows 2003 Enterprise server install and updated it to Service Pack 2. I installed Active Directory and left it as-is. I then installed Ubuntu 7.04 Desktop (latest downloaded ISO) in another VMWare disk. Using the directions from page 1 I have this server authenticating perfectly against the active directory. I can log in at the GDM just fine.
Thanks,
-Richard
I use both Windows and Linux. Is that a crime? || Ubuntu User # 16597
Bookmarks