I can't connect to Samba share with Active Directory Credentials

tomtcs
I can't seem to connect using any of my current Active Directory users to my Samba share on my CentOS 5 server. I can authenticate and log in to SSH sessions via Active Directory credentials, but I can't see any of my shared folders with the Active Directory credentials. I must be doing something wrong, but can't seem to figure it out. To make things even more interesting, it will fail immediately if I type the username as domain+username and the password. It will decisively just kick me out of the system. Whereas if I just type the username and password it will keep asking me for the information time and time again. I have enclosed copies of the krb5.conf, smb.conf and nsswitch.conf files.
nsswitch.conf

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind ldap compat
shadow:     files winbind ldap compat
group:      files winbind ldap compat

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files winbind
services:   files

netgroup:   nisplus winbind

publickey:  nisplus

automount:  files winbind nisplus
aliases:    files nisplus


krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = AAANC.LOCAL
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 AAANC.LOCAL = {
  kdc = AAAS1.AAANC.LOCAL
  kdc = AAAS2.AAANC.LOCAL
  admin_server = AAAS1.AAANC.LOCAL
  admin_server = AAAS2.AAANC.LOCAL
  default_domain = aaanc.local
 }

[domain_realm]
 .aaanc.local = AAANC.LOCAL
 aaanc.local = AAANC.LOCAL

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


smb.conf

[global]
        log file = /var/log/samba/%m.log
        idmap gid = 9990-1000000
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
        allow trusted domains = no
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        obey pam restrictions = yes
        winbind trusted domains only = yes
        # the domain named in idmap_rid must be this server's workgroup, otherwise
        # AD SIDs get no UID/GID mapping (the posted line had COMPANY here)
        idmap backend = idmap_rid:AAANC=9990-1000000
        encrypt passwords = yes
        winbind use default domain = yes
        realm = AAANC.LOCAL
        passwd program = /usr/bin/passwd %u
        template shell = /bin/bash
        dns proxy = no
        netbios name = MRMPCS
        server string = MRMPCS
        idmap uid = 9990-1000000
        unix password sync = yes
        template homedir = /home/%U
        workgroup = aaanc
        os level = 20
        server signing = yes
        security = ads
        winbind separator = +
        max log size = 50
        pam password change = yes
        username map = /etc/samba/smbusers
        password server = AAAS1.AAANC.LOCAL
;       guest ok = no
;       guest account = nobody
#smb passwd file = /etc/samba/smbpasswd
        template primary group = "Domain Users"

[homes]
        comment = Home Directories
        browseable = no
        writeable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty
        admin users = @aaanorthamptoncounty

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        printable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

[aaatmp]
        path = /usr/AAA/tmp
        public = yes
        only guest = no
        writable = yes
        printable = no
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty

[userhome]
        path = /home
        public = yes
        writable = yes
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @aaanorthamptoncounty


ldap.conf

host 192.168.10.1
host 192.168.10.2
base dc=aaanc,dc=local
uri ldap://aaas1.aaanc.local/ ldap://aaas2.aaanc.local/
# nss_ldap needs this file readable by every process doing lookups, so bindpw is
# effectively public on the host: use a least-privileged read-only bind account
# rather than the domain administrator
binddn administrator@aaanc.local
bindpw my_killer_password
scope sub
nss_base_passwd dc=aaanc,dc=local?sub
nss_base_shadow dc=aaanc,dc=local?sub
nss_base_group dc=aaanc,dc=local?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member

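An added consistency check, written for this page rather than taken from the poster's files or from Samba itself: it parses the [global] section of a constructed smb.conf in the same shape as the one above and reports the identity-mapping mismatches that leave AD users unresolvable on the Samba host, such as an idmap_rid domain that differs from the workgroup or idmap ranges that differ from the rid range. The sample values and the parameter names checked are assumptions modelled on the question, not the poster's live configuration.

```python
import re

# Constructed sample modelled on the [global] section posted above (not the poster's file).
SAMPLE_SMB_CONF = """\
[global]
        workgroup = aaanc
        realm = AAANC.LOCAL
        security = ads
        idmap uid = 9990-1000000
        idmap gid = 9990-1000000
        idmap backend = idmap_rid:COMPANY=9990-1000000
        winbind use default domain = yes
        winbind separator = +
"""

def parse_global(text):
    """Return the [global] section as {lowercased parameter: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # both smb.conf comment styles
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).lower()
            continue
        if section == "global" and "=" in line:
            key, _, value = line.partition("=")
            params[" ".join(key.split()).lower()] = value.strip()
    return params

def check_idmap(params):
    """Return findings about identity-mapping settings that break SID -> UID/GID lookups."""
    findings = []
    wg = params.get("workgroup", "").upper()
    realm = params.get("realm", "").upper()
    if params.get("security", "").lower() == "ads" and not realm:
        findings.append("security = ads requires a realm")
    if wg and realm and wg != realm.split(".")[0]:
        findings.append(f"workgroup {wg} is not the first label of realm {realm}; verify the NetBIOS domain name")
    m = re.match(r"idmap_rid:([^=]+)=(\d+)-(\d+)$", params.get("idmap backend", ""))
    if m:
        dom, rng = m.group(1).upper(), f"{m.group(2)}-{m.group(3)}"
        if dom != wg:
            findings.append(f"idmap_rid domain {dom} does not match workgroup {wg}; AD SIDs will not map to UIDs/GIDs")
        for key in ("idmap uid", "idmap gid"):
            if params.get(key) != rng:
                findings.append(f"{key} = {params.get(key)} differs from the idmap_rid range {rng}")
    return findings
```

Run `check_idmap(parse_global(open("/etc/samba/smb.conf").read()))` on the real file; an empty list means these particular settings agree, after which `wbinfo -u` and `getent passwd` are the next things to compare.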


Author

Commented:
[2010/07/02 12:34:08, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.8.4. Error = Connection reset by peer
Jason Watkins, IT Project Leader

Commented:
Hi,

Is Samba using Active Directory for user authentication? Typically Samba uses its own database for that.

Author

Commented:
I'm trying to use active directory for authentication.
Jason Watkins, IT Project Leader

Commented:
Sure, but my question is: does Samba know that?

Author

Commented:
Well... that's my question... I'm not sure... thus why I attached my conf files. I think Samba is set up to use LDAP, but I'm not positive.
IT Project Leader
Commented:
I think this is what you are looking for: http://www.howtoforge.com/samba_ads_security_mode

Author

Commented:
Still nothing works so far... Spent a few days on this project so far and no luck...
