domain admin will not change password to help me with this. doesnt want to risk it. is there no other way? I have rights to add computers and users to domain, and I just reset my password.Originally Posted by stevea1210
domain admin will not change password to help me with this. doesnt want to risk it. is there no other way? I have rights to add computers and users to domain, and I just reset my password.Originally Posted by stevea1210
After resetting your password, did you try it again?Originally Posted by Draaku
When you are trying to get your ticket, are you using your username/password
(since your password was just reset)?
AFAIK, each place I read about the admin password needing reset, that was always the solution. I don't know of another way around it. I'm not saying it isn't possible, just that I haven't heard of any.
Another option is to try to swet talk the admin on how joining your Ubuntu box to the domain will aid in blah blah. It will make his life blah blah. What's the worst that can happen?
I completed all the steps up to joining the domain. I thought I should be logged in as an actual AD user when I did that, so I created a new user for my username in AD, and then logged in as that user. But then, when I try to do the 'net ads join' command I get this error:
Is this because I set everything up as a different user (who isn't a domain user)?Code:Failed to open /var/lib/samba/secrets.tdb
EDIT: Actually I get this error no matter which user I'm logged in as, when I try to join the domain. Any ideas what's wrong? File permissions maybe?
Last edited by bluemax; March 9th, 2006 at 08:48 PM.
It is the permissions on /var/lib/samba/secrets.tdb. I had that issue also. I chmoded mine to 777, which may be (and probably is) overkill. I wasn't sure if all users needed read/write/execute on it, but that did fix the issue.Originally Posted by bluemax
BTW, this is for my home network, not a corporate environment, so a few 777's isn't as big of a risk as in a corporate setting. If anyone knows what the actual NEEDED permissions on this are, I would be all ears.Code:sudo chmod 777 /var/lib/samba/secrets.tdb
I had the same issue but instead of chmod'ing I simply ran
and that worked great.Code:sudo net ads join
Thanks for all the info in this thread. It truly is a great one.
Followed the guide and everything is working, however each time I log in as a domain user I have to manually issue the kinit command to get a ticket... does anyone have a way around this?
replace pam_winbind.so with pam_krb5.so
Thanks, I'll try that on Monday!
Hi all. I am able to log on using a active directory user and pass. But when i try to connect to any shares via "Connect to Server...", it prompts me for a username and pass. The logged on user and domain is there, its wanting a password. If i type in a password, i am to sucessfully browse the share.Is this normal behaviour? I thought that since i am logging on as a ad user, i would be able to view any shares that the user had permission for? The user is a new user i created on my 2K3 server, and i added them to UnixAdmins. The user works from a XP machine and is able to browse shares, but just not from the Ubuntu box. I can do all this sucessfully too...
* Test domain computer account: net ads testjoin.
* Test winbindd: wbinfo -u to list AD users and wbinfo -g for groups.
* Test kerberized Samba: net ads user and net ads group should show you your AD users and groups (i.e. same as above).
* Test kerberized connection to a remote Windows server: smbclient -L //WINSERVER -k from the Samba server. While you're at it, connect locally to the Samba server the same way.
* Finally, test connectivity from a Windows box: Start -> Run -> \\SAMBASERVER.
* Run wbinfo -t it should return: checking the trust secret via RPC calls succeeded, otherwise you have done somthing wrong (use the command testparm -v to check your samba configuration).
So what am i missing? Thanks in advance. I thought i triple checked all the config changes that this thread called for...
Last edited by wmarchewka; March 18th, 2006 at 06:20 PM.
I found that i am actually having the same trouble as Swab, where i have to manually enter the Kinit command. Scav, you said to replace pam_winbind.so with pam_krb5.so, and i have tried in both the common-auth and common-account and neither seemed to work...
Last edited by wmarchewka; March 20th, 2006 at 03:21 AM.
Bookmarks