Have you configured NSS and PAM to use winbindd?

Are you trying to use a PDC or Active Directory LDAP/Kerberos?
- PDC supports NTLM for authentication, which is old school Windows NT.
- Active Directory supports Kerberos for authentication.

I haven't yet used the AD plug-in. I think that the LDAP schema needs
to be modified to support UNIX data like gid/uid, shell, etc. There's
an AD4Unix open source solution that I think can add the compatible
schema. The AD plug-in also I will reconfigure PAM to use Apple's
module, you need to configure PAM to use SAMBA's winbindd instead.
Also before this, you must establish authentication through Kerberos,
testing with kinit, and configuring Kerberos on the client. You might
need to export a keytab that corresponds to a Windows service principal
name(s) (user account with name that represents host client and services
offered by host client) using ktpass on the Windows domain controller,
and import this keytab securely into the client that needs to access
Windows domain controller.

As for Mac OS X, I am pretty sure they support the older SAMBA 2.0,
which does not have support for Active Directory, other than through a
PDC emulator operations masters on Windows 2000 or Windows Server 2003
domain controller.

Also, you say you are using SAMBA 3.0.20. Did you compile this on the
Macintosh?

- Joaquin

-----Original Message-----
From: samba-bounces+letz_samba=realmspace.com@lists.samba.org
[mailto:samba-bounces+letz_samba=realmspace.com@lists.samba.org] On
Behalf Of David Martinez
Sent: Tuesday, December 06, 2005 8:25 AM
To: samba@lists.samba.org
Subject: [Samba] Mac OS X clients not binding to a Samba+LDAP PDC

Hi there !

This is my first post and I really would like to have this stuff working ....
if not, I should go to Win2k3 server .... please help me to avoid it !!!!

I've been trying to integrate Mac OS X (10.3) clients to my Samba server
through the Active Directory Plugin with no success. This PDC is currently
working for 90 PCs with XP SP2.


My server is well configured from the DNS (or I think so):

ns A 192.168.101.50
ldap A 192.168.101.50
pruebas A 192.168.101.50
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.dc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.aab455e4-bbb2-408b-a097-bb359f315574.domains._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.gc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.pdc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_gc._tcp.Default-First-Site-Name._sites SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 389 pruebas.valeeuro.com
_gc._tcp SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp SRV 0 100 389 pruebas.valeeuro.com

When I try to bind the Mac computer to the domain it stops on step 3 and
sends an error "Invalid username and password"

As I see, the Mac is trying to connect using Kerberos authentication, which
I don't know how to configure on the samba+ldap!!
¿How do I enable Kerberos authentication on my LDAP+SAMBA+Linux server?


My configuration:
samba 3.0.20
openldap 2.2.23 (openldap is the backend for samba)
bind 9.3
linux fedora core 4


Thanks in advance !!!


Regards
David

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
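
Added example (not part of either message): a small Python check over the DNS records listed in the original message, reporting which Kerberos SRV labels are absent and which ports the SRV records advertise. The zone origin valeeuro.com and the function names are assumptions; the record lines are re-typed from the message with its line wraps joined.

```python
# Records as listed in the original message (mail line wraps joined).
ZONE = """\
ns A 192.168.101.50
ldap A 192.168.101.50
pruebas A 192.168.101.50
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.dc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.aab455e4-bbb2-408b-a097-bb359f315574.domains._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.gc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.pdc._msdcs SRV 0 100 389 pruebas.valeeuro.com
_gc._tcp.Default-First-Site-Name._sites SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 389 pruebas.valeeuro.com
_gc._tcp SRV 0 100 389 pruebas.valeeuro.com
_ldap._tcp SRV 0 100 389 pruebas.valeeuro.com
"""

# DNS labels a Kerberos client uses to locate a KDC and the password-change
# service (_kerberos per RFC 4120; _kpasswd is the conventional label).
KERBEROS_SERVICES = ("_kerberos._tcp", "_kerberos._udp",
                     "_kpasswd._tcp", "_kpasswd._udp")

def parse_records(text):
    """Split the listing into A records (name -> ip) and SRV records."""
    a_records, srv = {}, []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 3 and f[1] == "A":
            a_records[f[0]] = f[2]
        elif len(f) == 6 and f[1] == "SRV":
            srv.append({"name": f[0], "priority": int(f[2]), "weight": int(f[3]),
                        "port": int(f[4]), "target": f[5].rstrip(".")})
    return a_records, srv

def audit(text, domain="valeeuro.com"):  # domain: assumed zone origin
    a_records, srv = parse_records(text)
    names = {r["name"] for r in srv}
    suffix = "." + domain
    # An SRV target inside the zone needs an A record to be usable.
    unresolved = sorted({r["target"] for r in srv
                         if r["target"].endswith(suffix)
                         and r["target"][:-len(suffix)] not in a_records})
    return {"srv_count": len(srv),
            "ports": sorted({r["port"] for r in srv}),
            "missing_kerberos": [s for s in KERBEROS_SERVICES if s not in names],
            "unresolved_targets": unresolved}

if __name__ == "__main__":
    print(audit(ZONE))
```

On the records as posted it reports only port 389 and no `_kerberos` or `_kpasswd` entries.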

