[brlug-general] Samba in Active Directory

Andrew Baudouin andrewmb at gmail.com
Tue Mar 27 08:12:11 CST 2007 

What's /etc/nsswitch.conf say?

On 3/27/07, Tim Hallin <timhallin at gmail.com> wrote:
>
> I setup up a samba server using SLES 10. I have joined an AD domain.
> wbinfo -u - returns the AD user list, so I think winbind is working. In
> Linux I can give domain users ownership of files (chown). When I setup a
> share the Domain users can see the share but not login unless I remove Samba
> from the Domain and enter them locally (smbpasswd -a). It will not let
> domain users access samba shares. I think Kerberos is working. I have used
> Samba for years, this is my first attempt at using AD for authentication.
>
> Can a Samba member server directory join an Active Directory Domain or
> does it need to connect through a Samba Domain Controller? Or Does my first
> Samba box need to a Domain Controller ?
>
> Thanks,
>
> Tim Hallin
>
>
>
> [global]
>     workgroup = FRANKLIN
>     realm = FRANKLIN.INT
>     server string = Windows Server 2003
>     security = ADS
>     map to guest = Bad User
>     password server = DC1 DC2
>     printcap name = cups
>     logon path = \\%L\profiles\.msprofile
>     logon drive = P:
>     logon home = \\%L\%U\.9xprofile
>     domain master = No
>     ldap ssl = no
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     winbind use default domain = Yes
>     winbind refresh tickets = yes
>     cups options = raw
>     include = /etc/samba/dhcp.conf
>     template homedir = /home/%D/%U
>     template shell = /bin/bash
>
> [profiles]
>     comment = Network Profiles Service
>     path = %H
>     read only = No
>     create mask = 0600
>     directory mask = 0700
>     store dos attributes = Yes
>
> [users]
>     comment = All users
>     path = /data/profiles
>     read only = No
>     inherit acls = Yes
>     veto files = /aquota.user/groups/shares/
>
> [groups]
>     comment = All groups
>     path = /data/groups
>     read only = No
>     inherit acls = Yes
>
> [printers]
>     comment = All Printers
>     path = /var/tmp
>     create mask = 0600
>     printable = Yes
>     browseable = No
>
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/drivers
>     write list = @ntadmin, root
>     force group = ntadmin
>     create mask = 0664
>     directory mask = 0775
>
> [test]
>     comment = test
>     path = /test
>     valid users = FRANKLIN\tth
>     write list = FRANKLIN\tth
>     read only = No
>     inherit acls = Yes
>
> _______________________________________________
> General mailing list
> General at brlug.net
> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/general_brlug.net/attachments/20070327/78908f18/attachment-0001.html

More information about the General mailing list