> You might want to take a look at "Integrating Red Hat Enterprise Linux 6 with Active Directory". It's the best document I've seen on this topic. I found that Samba/Kerberos/Winbind is the most complete solution for attaching a Samba fileserver in my AD environment. https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf I already figured it out earlier this afternoon and have a working setup. Will review the above. [your setup instructions] Here, I'm not modifying any of the hosts/resolv.conf/nsswitch.conf files. This is not an integration exercise, only a samba fileserver with AD auth. > If you are editing a smb.conf file of a previously existing Samba fileserver, do not change the range value in the "idmap config * : range =" parameter winbindd(8) mentions "netlogon proxy only mode", so I commented out all the range settings (after first verifying that it worked with them). > 3. Start the smb and winbind services: I find it will not work without nmb. > 6. Verify the bind to AD is valid: > a. net ads info > b. net ads testjoin Brilliant, I didn't know these commands. > 7. Create a Kerberos /etc/krb5.keytab file: > net ads keytab create -U username > 8. Verify the contents of the Kerberos keytab file: > klist -ke This is a step I was missing. What is the purpose of the keytab? Can it help with the default ticket FILE:/tmp/krb5cc_0 expiration? I'm also facing this problem, although everything seems to work fine. I've tested with smbclient and a Windows client. # net ads testjoin gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found] Join is OK #