AD Authentication

NOTE: For some reason this does not work properly under Debian, My Ubuntu installation works fine but not normal Debian. The Debian system won't authenticate users till after I have authenticated as root then restarted the samba and winbind services... Then it all works perfectly. And yes I know the instructions are for Ubuntu but there should be consistency with Debian.

I acheived this with the help of two links:

This wasn't the easiest thing to do, my big tip is don't add comments to the end of lines in your smb.conf as this caused problems

My instructions

First you need to get samba and winbindd:

apt-get install winbind samba

Then you need to look at the configuration.

Make configuration changes as demmonstraited in the Ubuntu instructions steps 3, 4, 5 and 6. Skip 7. Follow 8 and 9.

If when you join your client to the domain you get the error:

KDC reply did not match expectations while getting initial credentials

You didn't put the domain in capitals. it has to be:

net ads join -U user@DOMAIN

Now users can use your server with their AD user names and passwords. There is more to this with many options as is evident from the two guides however this is the bare minimum.

Using default settings this should give your users access to the following things with their AD username & password:


These are my notes as I have had issues with the above which worked once but I haven't been able to replicate perfectly.
*setup samba
try "winbindd chkconfig" to test config of winbindd
net ads join -U user@DOMAIN
net ads testjoin
-system hangs on login after reboot.
-new link:
daper guide from novel