Comments on Configuring Samba 3.0 To Use The ADS Security Mode (CentOS)
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) The intent of this article is to show you how to configure your Linux machine and Samba server to participate in a Windows 2003 Active Directory domain as a Member Server using Kerberos authentication. This involves using the security = ADS security mode in Samba.
4 Comment(s)
Comments
I was getting
ads_connect: Operations error
when trying to join the domain, it seems somehow related to the version of samba, 3.0.23.
You have to make sure your /etc/hosts file is correct, and that the domain (the FQDN) of your client machine is the same as of the domain of the ad machine.
Also, the client workgroup has to be the same as of the AD workgroup.
Finally, if instead of "net ads join" you use "net join" it will try ads then rpc join, and the last one was the one who worked for me.
Hope it helps.
When facing problems, check Time vs Kerberos. Both are silent killers, even after you've authenticated.
The easiest way to resolve user related issues, is to use Winbind. Once that is fixed, is ridiculously easy to get everything to work properly.
Follow the instructions here, then follow the instructions from SAMBA (with a little intelligent changes), will set you up. Here is the link.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
Years afterward, still helps me ;)
Just encountered the error "Strong(er) authentication required" on last step : net ads join.
I solved it by installing samba3x instead of samba.3.0 and added the following option to my smb.conf :
client ldap sasl wrapping = sign
Although this was written for Windows Server 2003, I was able to get this to work on Windows Server 2012. Very easy to follow tutorial.