I set up a Samba server on SLES 10 and joined it to an AD domain.
`wbinfo -u` returns the AD user list, so I think winbind is working. In Linux I can
give domain users ownership of files (chown). When I set up a share, the
domain users can see the share but cannot log in unless I remove Samba from the
domain and add them locally (smbpasswd -a). It will not let domain users
access Samba shares. I think Kerberos is working. I have used Samba for
years; this is my first attempt at using AD for authentication.

Can a Samba member server directly join an Active Directory domain, or does
it need to connect through a Samba Domain Controller? Or does my first Samba
box need to be a Domain Controller?

Thanks,

Tim Hallin



# Global settings for a Samba server joined to Active Directory as a domain
# member. Comments in smb.conf must sit on their own line; text after a value
# is read as part of the value.
[global]
    workgroup = FRANKLIN
    realm = FRANKLIN.INT
    # Free-text description only; it does not change how the server behaves.
    server string = Windows Server 2003
    # ADS mode: Samba authenticates users against the AD realm named above.
    security = ADS
    # A login whose user name smbd cannot resolve is accepted as guest instead of
    # being rejected.
    # NOTE(review): this can hide an authentication or name-lookup failure. The
    # client is connected as guest, can list shares, and is then refused on every
    # share that lacks "guest ok". "map to guest = Never" makes the failure
    # visible while debugging domain logins; confirm against the smbd log.
    map to guest = Bad User
    # Domain controllers to contact for authentication.
    # NOTE(review): short names; verify that both resolve from this host.
    password server = DC1 DC2
    printcap name = cups
    # NOTE(review): the three logon settings below are only consulted when Samba
    # itself serves domain logons; presumably unused on an ADS member. Confirm.
    logon path = \\%L\profiles\.msprofile
    logon drive = P:
    logon home = \\%L\%U\.9xprofile
    domain master = No
    # No TLS on Samba's own LDAP connections.
    # NOTE(review): if an LDAP passdb or idmap backend is configured elsewhere,
    # its traffic would be sent unencrypted. Confirm that none is in use.
    ldap ssl = no
    # Local uid/gid ranges that winbind hands out to domain users and groups.
    # NOTE(review): must not overlap ids of local accounts; verify on this host.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # Domain accounts are presented without the FRANKLIN prefix (plain "tth").
    winbind use default domain = Yes
    winbind refresh tickets = yes
    cups options = raw
    # Pulls in settings from another file at this point; its contents are not
    # shown here and can override or extend the values above.
    include = /etc/samba/dhcp.conf
    # Home directory and shell winbind reports for domain users (%D = domain,
    # %U = user name).
    template homedir = /home/%D/%U
    template shell = /bin/bash

# Profile share. The path is %H, which Samba expands to the home directory of
# the connecting user.
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    # New files and directories are limited to owner-only permission bits.
    create mask = 0600
    directory mask = 0700
    # DOS attributes are kept in an extended attribute.
    # NOTE(review): needs xattr support on the underlying filesystem; verify.
    store dos attributes = Yes

# Writable share with no "valid users" line: any authenticated account may
# connect, and access then rests on filesystem permissions and ACLs.
# NOTE(review): the share is named "users" but exports /data/profiles; confirm
# that this path is the intended one.
[users]
    comment = All users
    path = /data/profiles
    read only = No
    # New files and directories take the default ACL of their parent directory.
    inherit acls = Yes
    # Slash-separated list: aquota.user, groups and shares are hidden from
    # clients and cannot be opened through this share.
    veto files = /aquota.user/groups/shares/

# Writable share for group data. No "valid users" line, so any authenticated
# account may connect; access is decided by filesystem permissions and ACLs.
[groups]
    comment = All groups
    path = /data/groups
    read only = No
    # New files and directories take the default ACL of their parent directory.
    inherit acls = Yes

# Template section for printer shares; print jobs are spooled under "path".
[printers]
    comment = All Printers
    # NOTE(review): /var/tmp is normally shared with other processes on the
    # host; confirm that spooling here is intended.
    path = /var/tmp
    # Spool files are created readable and writable by their owner only.
    create mask = 0600
    printable = Yes
    # The section itself is not listed when clients browse the server.
    browseable = No

# Printer-driver share. Write access is limited by "write list"; everything
# written is assigned to group ntadmin.
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    # Only members of group ntadmin and the root account may write here.
    # NOTE(review): ntadmin looks like a local Unix group; on an AD member,
    # domain administrators are not in it unless they are added. Confirm.
    write list = @ntadmin, root
    force group = ntadmin
    # Group-writable permission bits so that ntadmin members can update drivers.
    create mask = 0664
    directory mask = 0775

# Test share restricted to a single domain account.
[test]
    comment = test
    path = /test
    # NOTE(review): [global] sets "winbind use default domain = Yes", so winbind
    # reports this account as plain "tth". Confirm which spelling this Samba
    # version matches here, and that the Unix permissions on /test allow the
    # mapped uid to enter the directory.
    valid users = FRANKLIN\tth
    write list = FRANKLIN\tth
    read only = No
    # New files and directories take the default ACL of their parent directory.
    inherit acls = Yes