Quoting Scott Heisler <scott.heisler at huntleighusa.com>: > I have the latest Centos (4.1), all YUM'd up to date. I've been through > the How-TO's on Samba's site as well as 4 million other sites and still > can't get proper AD (Active Directory) Authentication to work. It looks > like it's working, appears in the domain server list and pulls users and > groups. If I do a klist -u, I see all the users with domain+username > correctly. However, I can't apply any of that security to any > directories on the box or see those users with Webmin (when doing Samba > Share security). The users who don't have local accounts can't browse > the samba server either (as soon as they connect, it pops up the login > ID & Pass) > > I followed everything and have been working on the issue for 4 days. Am > I missing something? Please help! Well, hard to say with no details of your configuration ("followed everything" might mean something to you, but for the rest of us it's "what everything?"). I've had some trouble getting LDAP authenticate against AD some time ago, that I resolved (no samba, no anything, just LDAP authenticating users). It sounds you are going couple of steps further then me. Anyhow, what version of AD you have? 2000 and 2003 are a bit different, and there are steps that need to be done with 2000 that are not needed with 2003 to get the Kerberos stuff working. For what you are trying to do, you'll probably need to configure both Kerberos (to get authentication going) and LDAP (to get user lists) correctly. This usually means creating principals for Unix services by hand, and coping keytab files back to the Unix side. Do you have all schemas on your AD that are needed for Unix accounts? Can you use ldapsearch to bind to AD and list users? There's an excellent Microsoft document titled "Windows Security and Directory Services for UNIX". You can download it for free as PDF from Microsoft web site. I'd higly recommend you get it. It has almost all you need to know about configuring AD and Linux side to play nicely with each other. Skip "for IT managers" parts, and go to technical sections. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.