Comments on: How to Integrate windows Active Directory and Samba in Ubuntu

By: Domain

Domain — Fri, 11 Jun 2010 13:50:05 +0000

Will give this a try, thanks again for sharing this great tutorial.=) cheers!

By: Antoine

Antoine — Tue, 13 Apr 2010 10:52:54 +0000

You can add

obey pam restrictions = yes

in smb.conf. If you use this, the home directory is created by pam when a user connect to his home directory shared with samba

Sorry for my english.

By: admin

admin — Thu, 25 Mar 2010 16:23:52 +0000

@Amanibhavam

Thankyou i have corrected the problem

By: Amanibhavam

Amanibhavam — Thu, 25 Mar 2010 16:14:03 +0000

In the nsswitch.conf edits there’s a linebreak problem. Instead of

passwd: compat
winbindgroup: compat winbind

It should read

passwd: compat winbind
group: compat winbind

most of the login incorrect problems reported by the commenters are likely to be caused by this edit problem.

By: Johnny

Johnny — Fri, 22 Jan 2010 16:19:10 +0000

What is the best way to implement ADS/Samba intergration?

By: Ricardo

Ricardo — Mon, 12 Oct 2009 22:01:22 +0000

Thank You!!!, this guide is very simple and usefull, i was trying many days validate samba in W2k8, until found this guide

By: Directory

Directory — Thu, 05 Feb 2009 16:14:38 +0000

Very informative article, which I found quite useful. Cheers ,Jay

By: Ken Leja

Ken Leja — Mon, 12 Jan 2009 06:08:38 +0000

# Ken Leja Says: Your comment is awaiting moderation.
January 12th, 2009 at 6:00 am

I was getting the following errors in auth.log and could not login as administrator without getting an error on login “User not known to the underlying authentication module”
auth.log:
Jan 11 22:33:44 myserver login[5180]: pam_winbind(login:auth): getting password (0×00000000)
Jan 11 22:33:44 myserver login[5180]: pam_winbind(login:auth): user ‘ADMINISTRATOR’ granted access
Jan 11 22:33:44 myserver login[5180]: pam_unix(login:account): could not identify user (from getpwnam(administrator))
Jan 11 22:33:44 myserver login[5180]: User not known to the underlying authentication module

This turned out to be an issue with nsswitch.conf so I tweaked it as follows after reading the following HOWTO http://localhost:901/swat/help/Samba3-HOWTO/FastStart.html in SWAT. Change the following lines as shown.

nsswitch.conf:
passwd: compat winbind
group: compat winbind
hosts: files dns wins winbind

My appologies I pasted the wrong text in the previous post.

By: Craig

Craig — Sat, 20 Dec 2008 13:07:13 +0000

Hi Everyone,

I picked up an issue when using Likewise-open and the above how-to to get my Samba shares to use ADS integration. It kept on prompting for a password and the ADS usernames did not work!

I am currently running child domains on Server 2003 R2 platform. This changes the ADS schema and the ‘net ads join ….’ command does not allow you to join the domain.

If you used Likewise-open to join the domain. Please use this tutorial:

http://www.likewisesoftware.com/resources/user_documentation/Likewise-Samba-Guide.pdf

You do not need to change the krb5.conf, nsswith.conf or the PAM authentication config files at all!

I hope this saves someone from the late nights I went through to find it.

Regards,

Craig

By: STAARTech

STAARTech — Thu, 11 Dec 2008 01:05:09 +0000

I followed the procedure, rebooted the server.

I try and log in as a user and get the message that my password will expire in 9 days (which is correct, my AD password is due to expire).
I click on OK and then get a message: “Incorrect User name or password, letter must be typed in the correct case”
and am back at login.

But I did, AD authenticated, so why am I being blocked?

By: Fr33d0m

Fr33d0m — Fri, 05 Dec 2008 23:37:29 +0000

To answer my question above, you do indeed need to use your local domain name where DOMAIN.INTERNAL is listed. But I can confirm that something after the krb5.conf edits above breaks login for me. I cp’d every file to a .orig file first so it was easy to revert.

By: Fr33d0m

Fr33d0m — Thu, 04 Dec 2008 22:32:27 +0000

A little clarity may be in order here.

As I see it since you only once say to change something you typed:

Note:- replace ug01 netbios name with your own

That indicates to me that everything else is entered verbatim. For example instead of entering my own domain information where you have DOMAIN.INTERNAL, I enter DOMAIN.INTERNAL.

This seems wrong to me. I don’t honestly know how to proceed. It gets more maddening in krb5.conf because: 1. it seems to have been populated with my FQDN where you say I should enter DOMAIN.INTERNAL, 2. you’ve used DOMAIN.INTERNAL and domain.internal
and 3. the some of the lines are only vaguely similar but enough so that I think they suffice for what you say to enter.

So off I go looking for some other tutorial to compare with. I’m sure to be more confused by the end of all this.

By: Scott

Scott — Thu, 20 Nov 2008 18:04:23 +0000

This is great! It used to be so difficult to get this working in past releases; thanks for researching and showing the simple procedure that works!

I did see one little problem: the “skel” directory is not specified correctly in /etc/pam.d/common-session; it should be:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Otherwise, the newly created home directory is not populated correctly.

By: PerfMonk

PerfMonk — Wed, 12 Nov 2008 15:34:52 +0000

Sorry,

I just found out it was OK.

My mistake,
Forget precedent post!

Happy finger triggered too fast…

By: PerfMonk

PerfMonk — Wed, 12 Nov 2008 15:19:49 +0000

Hi,

You said

Take a backupof existing file

sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig

Create a link to /var/lib/samba

sudo ln -s /etc/samba/secrets.tdb /var/lib/samba

Could it be possible that the command is “cp” instead of “mv” in the first sudo. Otherwise the next link won’t work either.

Regards,

Bernard Tremblay

By: Justin

Justin — Mon, 10 Nov 2008 04:58:30 +0000

Thank you very much for sharing this.
I’ve just followed this instruction to integrate Windows AD with Ubuntu (7.10) but failed.
It won’t let me login after I reboot Ubuntu and always says “Login incorrect”.

Any idea?

Thanks again.

By: Vinod

Vinod — Fri, 07 Nov 2008 16:15:25 +0000

WOW, something i was searching for long… let me test it
I hope it will work with Readhat LInux also

Regards,
Vinod

By: Ramesh

Ramesh — Mon, 03 Nov 2008 20:38:10 +0000

Awesome.. I was looking for this nearly for an year now.. Let me give a try in a couple of days. Good Job, keep it up..!!!

Cheers
Ramesh

By: Paul Rogerson

Paul Rogerson — Mon, 03 Nov 2008 19:33:36 +0000

Sorry to be obtuse but:

For the smb.conf you say to change the parameters, but those do not seem to be in the default config. Is that the resulting config, i.e. the whole of smb.conf? I assume we also need to change the DOMAIN values to match our environment?

Similar questions for the krb5.conf file.