I can't connect to Samba share with Active Directory Credentials

tomtcs asked:
I can't seem to connect using any of my current Active Directory users to my Samba share on my CentOS 5 server. I can authenticate and log in to SSH sessions via Active Directory credentials, but I can't see any of my shared folders with the Active Directory credentials. I must be doing something wrong, but can't seem to figure it out. To make things even more interesting, it will fail immediately if I type the username as domain+username and the password. It will decisively just kick me out of the system. Whereas if I just type the username and password it will keep asking me for the information time and time again. I have enclosed copies of the krb5.conf, smb.conf and nsswitch.conf files.
# /etc/nsswitch.conf
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind ldap compat
shadow:     files winbind ldap compat
group:      files winbind ldap compat

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files winbind
services:   files

netgroup:   nisplus winbind

publickey:  nisplus

automount:  files winbind nisplus
aliases:    files nisplus


# /etc/krb5.conf (section headers and closing braces restored; the page
# extraction dropped them, the values are as posted)
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = AAANC.LOCAL
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 AAANC.LOCAL = {
  admin_server = AAAS1.AAANC.LOCAL
  admin_server = AAAS2.AAANC.LOCAL
  # no "kdc =" entry is listed; with dns_lookup_kdc = true the KDCs are found via DNS SRV records
  default_domain = aaanc.local
 }

[domain_realm]
 .aaanc.local = AAANC.LOCAL
 aaanc.local = AAANC.LOCAL

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


# /etc/samba/smb.conf (section headers restored; the page extraction dropped
# them, the values are as posted; the "passwd chat" line is cut off as posted)
[global]
        log file = /var/log/samba/%m.log
        idmap gid = 9990-1000000
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*succes
        allow trusted domains = no
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        obey pam restrictions = yes
        # with this set, winbind does not allocate IDs for users of the primary
        # domain; they must already resolve through files/ldap in nsswitch.conf
        winbind trusted domains only = yes
        # the domain named here (COMPANY) is not the workgroup/realm set below
        # (aaanc / AAANC.LOCAL), so this RID mapping does not apply to this domain
        idmap backend = idmap_rid:COMPANY=9990-1000000
        encrypt passwords = yes
        winbind use default domain = yes
        realm = AAANC.LOCAL
        passwd program = /usr/bin/passwd %u
        template shell = /bin/bash
        dns proxy = no
        netbios name = MRMPCS
        server string = MRMPCS
        idmap uid = 9990-1000000
        unix password sync = yes
        template homedir = /home/%U
        workgroup = aaanc
        os level = 20
        server signing = yes
        security = ads
        # qualified logins therefore take the form DOMAIN+user
        winbind separator = +
        max log size = 50
        pam password change = yes
        username map = /etc/samba/smbusers
        password server = AAAS1.AAANC.LOCAL
;       guest ok = no
;       guest account = nobody
#smb passwd file = /etc/samba/smbpasswd
        template primary group = "Domain Users"

[homes]
        comment = Home Directories
        browseable = no
        writeable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty
        admin users = @aaanorthamptoncounty

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        printable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

# placeholder: the name of this share was dropped by the page extraction
[SHARE_NAME_NOT_CAPTURED_1]
        path = /usr/AAA/tmp
        public = yes
        only guest = no
        writable = yes
        printable = no
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

# placeholder: the name of this share was dropped by the page extraction
[SHARE_NAME_NOT_CAPTURED_2]
        path = /home
        public = yes
        writable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty



# /etc/ldap.conf (nss_ldap)
base dc=aaanc,dc=local
uri ldap://aaas1.aaanc.local/ ldap://aaas2.aaanc.local/
binddn administrator@aaanc.local
bindpw my_killer_password
scope sub
nss_base_passwd dc=aaanc,dc=local?sub
# was "dc=localsub" as posted; the "?" separating base and scope was missing
nss_base_shadow dc=aaanc,dc=local?sub
# only groups that carry a gidNumber attribute are returned by this filter
nss_base_group dc=aaanc,dc=local?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
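The settings above interact in ways that are easy to miss by eye: the idmap_rid domain name must match the workgroup, "winbind trusted domains only" changes where primary-domain users are expected to come from, and listing both winbind and ldap in nsswitch.conf gives two possible answers for the same AD account. As an added example for this thread (not code from the question, from Samba, or from any answer here), the small Python linter below parses the [global] values and the nsswitch.conf lines copied from the posted files and reports those inconsistencies; the trimmed config strings and the finding texts are constructed for the example.

```python
"""Lint a Samba member-server smb.conf and nsswitch.conf for internal
inconsistencies.  Added example for this thread; the input strings below are
trimmed copies of the values posted in the question (constructed input)."""
import re

# Constructed input: [global] keys and one share from the posted smb.conf.
SMB_CONF = """
[global]
        allow trusted domains = no
        winbind trusted domains only = yes
        idmap backend = idmap_rid:COMPANY=9990-1000000
        winbind use default domain = yes
        realm = AAANC.LOCAL
        idmap uid = 9990-1000000
        workgroup = aaanc
        security = ads
        winbind separator = +
;       guest ok = no
[homes]
        valid users = @aaanorthamptoncounty
"""
# Constructed input: the passwd/group lines of the posted nsswitch.conf.
NSSWITCH = """
passwd:     files winbind ldap compat
group:      files winbind ldap compat
"""


def parse_smb_conf(text):
    """Minimal smb.conf parser -> {section: {key: value}}; ';' and '#' lines skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            current = m.group(1).lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def parse_nsswitch(text):
    """nsswitch.conf -> {database: [source, ...]}."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            db, _, sources = line.partition(":")
            out[db.strip()] = sources.split()
    return out


def lint(sections, nss):
    """Return a list of (severity, message) findings for the parsed files."""
    g = sections.get("global", {})
    findings = []
    workgroup = g.get("workgroup", "").upper()
    realm = g.get("realm", "").upper()
    if g.get("security", "").lower() == "ads":
        if not realm:
            findings.append(("error", "security = ads requires a realm"))
        elif workgroup and realm.split(".")[0] != workgroup:
            findings.append(("warn", f"workgroup {workgroup} is not the first label of realm {realm}"))
    # idmap_rid:DOMAIN=low-high only maps the domain it names.
    m = re.match(r"idmap_rid:([^=]+)=(\d+)-(\d+)$", g.get("idmap backend", ""))
    if m and m.group(1).upper() != workgroup:
        findings.append(("error", f"idmap backend names domain {m.group(1)} but workgroup is "
                                  f"{workgroup}; the RID mapping will not apply to this domain"))
    if (g.get("winbind trusted domains only", "").lower() == "yes"
            and g.get("allow trusted domains", "").lower() == "no"):
        findings.append(("warn", "winbind trusted domains only = yes means winbind allocates no IDs "
                                 "for the primary domain, and allow trusted domains = no refuses every "
                                 "other domain, so each AD user must already resolve via files/ldap"))
    if g.get("winbind use default domain", "").lower() == "yes":
        sep = g.get("winbind separator", "\\")
        findings.append(("info", f"bare usernames resolve in {workgroup}; the qualified form is {workgroup}{sep}user"))
    for db in ("passwd", "group"):
        sources = nss.get(db, [])
        if "winbind" in sources and "ldap" in sources:
            findings.append(("warn", f"nsswitch {db}: both winbind and ldap answer for AD users; "
                                     "the two can return different uid/gid values"))
    for name, sec in sections.items():
        for grp in re.findall(r"@(\S+)", sec.get("valid users", "")):
            findings.append(("info", f"[{name}] valid users needs group '{grp}' to resolve via NSS "
                                     f"(check with: getent group {grp})"))
    return findings


if __name__ == "__main__":
    for severity, message in lint(parse_smb_conf(SMB_CONF), parse_nsswitch(NSSWITCH)):
        print(f"{severity:5s} {message}")
```

Run against the posted values it reports the COMPANY/aaanc mismatch as an error, the trusted-domains combination and the double winbind/ldap sources as warnings, and reminds that "valid users = @aaanorthamptoncounty" only works if `getent group aaanorthamptoncounty` returns something on the server. The parser deliberately ignores `;`-commented keys, as smbd does, so the commented "guest ok" line does not count as a setting.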

[2010/07/02 12:34:08, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client Error = Connection reset by peer
Jason Watkins, IT Project Leader


Is Samba using Active Directory for user authentication? Typically Samba uses its own database for that.


I'm trying to use active directory for authentication.
Jason Watkins, IT Project Leader

Sure, but my question is: does Samba know that?


Well... that's my question... I'm not sure, which is why I attached my conf files. I think Samba is set up to use LDAP, but I'm not positive.
IT Project Leader
I think this is what you are looking for: http://www.howtoforge.com/samba_ads_security_mode


Still nothing works so far... Spent a few days on this project so far and no luck...
