aha! Nsswitch.conf must contain the following at least: passwd: compat winbind group: compat winbind shadow: compat hosts: files dns wins networks: files dns protocols: db files services: db files ethers: db files rpc: db files
On 3/27/07, Tim Hallin <timhallin at gmail.com> wrote: > > nsswitch.conf > > shadow: files nis > > passwd: compat > group: compat > > hosts: files dns > networks: files dns > > services: files ldap > protocols: files > rpc: files > ethers: files > netmasks: files > netgroup: files ldap > publickey: files > > bootparams: files > automount: files > aliases: files ldap > passwd_compat: ldap > group_compat: ldap > > > On 3/27/07, Andrew Baudouin <andrewmb at gmail.com> wrote: > > > > Also, how about "*getent passwd* "? > > > > On 3/27/07, Andrew Baudouin < andrewmb at gmail.com> wrote: > > > > > > What's /etc/nsswitch.conf say? > > > > > > On 3/27/07, Tim Hallin < timhallin at gmail.com> wrote: > > > > > > > I setup up a samba server using SLES 10. I have joined an AD domain. > > > > wbinfo -u - returns the AD user list, so I think winbind is working. In > > > > Linux I can give domain users ownership of files (chown). When I setup a > > > > share the Domain users can see the share but not login unless I remove > > > > Samba > > > > from the Domain and enter them locally (smbpasswd -a). It will not let > > > > domain users access samba shares. I think Kerberos is working. I have > > > > used > > > > Samba for years, this is my first attempt at using AD for > > > > authentication. > > > > > > > > Can a Samba member server directory join an Active Directory Domain > > > > or does it need to connect through a Samba Domain Controller? Or Does my > > > > first Samba box need to a Domain Controller ? > > > > > > > > Thanks, > > > > > > > > Tim Hallin > > > > > > > > > > > > > > > > [global] > > > > workgroup = FRANKLIN > > > > realm = FRANKLIN.INT > > > > server string = Windows Server 2003 > > > > security = ADS > > > > map to guest = Bad User > > > > password server = DC1 DC2 > > > > printcap name = cups > > > > logon path = \\%L\profiles\.msprofile > > > > logon drive = P: > > > > logon home = \\%L\%U\.9xprofile > > > > domain master = No > > > > ldap ssl = no > > > > idmap uid = 10000-20000 > > > > idmap gid = 10000-20000 > > > > winbind use default domain = Yes > > > > winbind refresh tickets = yes > > > > cups options = raw > > > > include = /etc/samba/dhcp.conf > > > > template homedir = /home/%D/%U > > > > template shell = /bin/bash > > > > > > > > [profiles] > > > > comment = Network Profiles Service > > > > path = %H > > > > read only = No > > > > create mask = 0600 > > > > directory mask = 0700 > > > > store dos attributes = Yes > > > > > > > > [users] > > > > comment = All users > > > > path = /data/profiles > > > > read only = No > > > > inherit acls = Yes > > > > veto files = /aquota.user/groups/shares/ > > > > > > > > [groups] > > > > comment = All groups > > > > path = /data/groups > > > > read only = No > > > > inherit acls = Yes > > > > > > > > [printers] > > > > comment = All Printers > > > > path = /var/tmp > > > > create mask = 0600 > > > > printable = Yes > > > > browseable = No > > > > > > > > [print$] > > > > comment = Printer Drivers > > > > path = /var/lib/samba/drivers > > > > write list = @ntadmin, root > > > > force group = ntadmin > > > > create mask = 0664 > > > > directory mask = 0775 > > > > > > > > [test] > > > > comment = test > > > > path = /test > > > > valid users = FRANKLIN\tth > > > > write list = FRANKLIN\tth > > > > read only = No > > > > inherit acls = Yes > > > > > > > > _______________________________________________ > > > > General mailing list > > > > General at brlug.net > > > > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > > > > > > > > > > > > > > _______________________________________________ > > General mailing list > > General at brlug.net > > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > > > > > _______________________________________________ > General mailing list > General at brlug.net > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > -------------- next part -------------- An HTML attachment was scrubbed... URL: /pipermail/general_brlug.net/attachments/20070327/cce45f64/attachment-0001.html
