Samba Active Directory Integration for 9.04 Not Working

Bug #463279 reported by Ross Peoples
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Server Guide | Won't Fix | Undecided | Adam Sommer |
ubuntu-docs (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

Binary package hint: ubuntu-docs

Following the directions here: https://help.ubuntu.com/9.04/serverguide/C/samba-ad-integration.html

I can join the domain and edit the smb.conf file according to documentation, but XP keeps asking for a username and password, so Samba will not authenticate properly. I'm using likewise-open5.

My samba log keeps showing me these lines:
[2009/10/29 09:02:20, 1] libads/kerberoes_verify.c:ads_secrets_verify_ticket(254)
  ads_secrets_verify_ticket: failed to fetch machine password
[2009/10/29 09:02:20, 1] smbd/sesssetup.c:reply_spnego_kerberos(350)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

Ubuntu 9.04
likewise-open5: 5.0.3991.1-0ubuntu2
I expect: A user on XP logged into a domain to access a share on my Ubuntu machine without asking for a username/password because the server automatically authenticates against active directory.
What happened instead: XP keeps asking me for a username/password. Server producing error messages in log.

Tags: serverguide
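
Added example (not part of the original report, and not Samba or Likewise code): a small triage script for the two-line log record format quoted above. It labels each NT_STATUS_LOGON_FAILURE by whether smbd had just logged that it could not fetch the machine password, which separates that case from other failed logons. The function names, the cause labels and the 2-second window are assumptions made for this example.

```python
import re
from datetime import datetime

# Record header: "[YYYY/MM/DD HH:MM:SS, level] source_file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$")

# The first four lines are the ones quoted in the report; the last record is
# constructed here to show a failure with no preceding machine-password error.
SAMPLE_LOG = """\
[2009/10/29 09:02:20, 1] libads/kerberoes_verify.c:ads_secrets_verify_ticket(254)
  ads_secrets_verify_ticket: failed to fetch machine password
[2009/10/29 09:02:20, 1] smbd/sesssetup.c:reply_spnego_kerberos(350)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/10/29 09:05:41, 1] smbd/sesssetup.c:reply_spnego_kerberos(350)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
"""

def parse_records(text):
    """Group each header line with the indented message lines under it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
            rec["msg"] = ""
            records.append(rec)
        elif records and line.startswith((" ", "\t")):
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def classify_logon_failures(records, window_seconds=2):
    """Label each logon failure by the record logged immediately before it."""
    results = []
    for i, rec in enumerate(records):
        if "NT_STATUS_LOGON_FAILURE" not in rec["msg"]:
            continue
        cause = "unclassified"
        prev = records[i - 1] if i > 0 else None
        if (prev and "failed to fetch machine password" in prev["msg"]
                and (rec["time"] - prev["time"]).total_seconds() <= window_seconds):
            cause = "machine_password_unavailable"
        results.append((rec["ts"], rec["func"], cause))
    return results

if __name__ == "__main__":
    for ts, func, cause in classify_logon_failures(parse_records(SAMPLE_LOG)):
        print(ts, func, cause)
```
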
Adam Sommer (asommer) wrote :

Thanks for reporting this bug, and helping make Ubuntu better. Just to double check, you have joined the AD domain using likewise-open5, and can authenticate using an AD account on the Ubuntu machine?

From the error, the Ubuntu machine doesn't know about the XP workstation. To my knowledge Samba will still need to have a machine account for each workstation connecting to a share. Can you double check your "add machine script" option in /etc/samba/smb.conf and make sure it is able to add an account?

Thanks again.

Ross Peoples (deejross) wrote :

I have properly joined the domain and I can run these commands successfully:
wbinfo -t
wbinfo -u
wbinfo -g

I ended up leaving the domain and removing likewise-open5, and just editing all the config files myself, as the machine is going into production now and I didn't have time to wait for any replies.

Ross Peoples (deejross) wrote :

About the "add machine script" part. The documentation didn't mention anything about that. I joined the domain with the Gnome GUI version of likewise-open5 and made that link like the docs said, and that was it.

Even doing everything manually, I don't have an "add machine script" or anything and Samba is working fine in our domain now. I was talking on IRC with someone about this and the "add machine script" was mentioned by him mistakenly, as he thought this server was a controller or something, but it's not. It's supposed to be a domain "member", not a controller. So the only thing Samba should care about in this instance is that the user authenticates properly for the shares. The Win2003 domain controllers are the only things that should care about machine accounts.

Adam Sommer (asommer) wrote :

I was wrong about the "add machine script", I believe it should get the machine names from AD once the domain has been joined. I'll leave this bug open as a reminder to update the likewise section for version 5.

Thanks again for reporting this bug.

Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
status: New → Triaged
tags: added: serverguide
removed: ad ads likewise samba windows
Noritz (nritz) wrote :

I think the Ubuntu manual is too short and doesn't consider all necessary points.
For example, winbind is not running correctly.

I have also used the Likewise manual (http://www.likewise.com/resources/user_documentation/Likewise-Samba-Guide-5.pdf).
After following the instructions there step by step, my integration and Samba are now working correctly.

Connor Imes (ckimes) wrote :

The Ubuntu Documentation team has moved the serverguide out of the ubuntu-docs source, it is now under the serverguide project. Moving this bug accordingly.

Changed in serverguide:
assignee: nobody → Adam Sommer (asommer)
status: New → Triaged
Changed in ubuntu-docs (Ubuntu):
assignee: Adam Sommer (asommer) → nobody
status: Triaged → Invalid
Connor Imes (ckimes) wrote :

Thank you for your report. The Samba AD docs have been updated in previous releases. The documentation for Natty should be up to date - https://help.ubuntu.com/11.04/serverguide/C/samba-ad-integration.html

Since this report was filed we've moved to likewise-open 5.4, then to 6.0, with 6.1 coming for Oneiric. Please post back if you are still having problems connecting to AD using the serverguide docs.

Changed in serverguide:
status: Triaged → Incomplete
Peter Matulis (petermatulis) wrote :

9.04 is EOL.

Changed in serverguide:
status: Incomplete → Won't Fix