Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

I can't connect to Samba share with Active Directory Credentials

Avatar of tomtcs
tomtcsFlag for United States of America asked on
DatabasesFile Sharing SoftwareActive Directory
8 Comments1 Solution1020 ViewsLast Modified:
I can't seem to connect using any of my current active directory users to my samba share on my CentOS5 server.  I can authenticate and login to SSH sessions via Active Directory credentials, but i can't see any of my shared folders with the Active Directory Credentials.  I must be doing something wrong, but can't seem to figure it out.  To make things even more interesting, it will fail immediately if i type username as domain+username and the password.  It will decisively just kick me out of the system.  Where as if i just type the username and password it will keep asking me for the information time and time again.  i have enclosed copies of the KRB5.conf Smb.conf and nsswitch.conf files
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind ldap compat
shadow:     files winbind ldap compat
group:      files winbind ldap compat

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files winbind
services:   files

netgroup:   nisplus winbind

publickey:  nisplus

automount:  files winbind nisplus
aliases:    files nisplus
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = AAANC.LOCAL
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

  admin_server = AAAS1.AAANC.LOCAL
  admin_server = AAAS2.AAANC.LOCAL
  default_domain = aaanc.local

 .aaanc.local = AAANC.LOCAL
 aaanc.local = AAANC.LOCAL

 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
        log file = /var/log/samba/%m.log
        idmap gid = 9990-1000000
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*succes
        allow trusted domains = no
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        obey pam restrictions = yes
        winbind trusted domains only = yes
        idmap backend = idmap_rid:COMPANY=9990-1000000
        encrypt passwords = yes
        winbind use default domain = yes
        realm = AAANC.LOCAL
        passwd program = /usr/bin/passwd %u
        template shell = /bin/bash
        dns proxy = no
        netbios name = MRMPCS
        server string = MRMPCS
        idmap uid = 9990-1000000
        unix password sync = yes
        template homedir = /home/%U
        workgroup = aaanc
        os level = 20
        server signing = yes
        security = ads
        winbind separator = +
        max log size = 50
        pam password change = yes
        username map = /etc/samba/smbusers
        password server = AAAS1.AAANC.LOCAL
;       guest ok = no
;       guest account = nobody
#smb passwd file = /etc/samba/smbpasswd
        template primary group = "Domain Users"

        comment = Home Directories
        browseable = no
        writeable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty
        admin users = @aaanorthamptoncounty

        comment = All Printers
        path = /var/spool/samba
        browseable = no
        printable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

        path = /usr/AAA/tmp
        public = yes
        only guest = no
        writable = yes
        printable = no
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

        path = /home
        public = yes
        writable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

base dc=aaanc,dc=local
uri ldap://aaas1.aaanc.local/ ldap://aaas2.aaanc.local/
binddn administrator@aaanc.local
bindpw my_killer_password
scope sub
nss_base_passwd dc=aaanc,dc=local?sub
nss_base_shadow dc=aaanc,dc=localsub
nss_base_group dc=aaanc,dc=local?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
Avatar of Jason Watkins
Jason WatkinsFlag of United States of America imageIT Project Leader

Our community of experts have been thoroughly vetted for their expertise and industry experience.

This problem has been solved!
Unlock 1 Answer and 8 Comments.
See Answers