Hi everyone,
I have a problem with my samba and winbind configuration:
before I switched the config (from local user authentication to AD
authentication using winbind) my users were able to authenticate for example as
“peter”. Now, after switching, they are forced to use SAMBASERVERNAME\peter. If
they use only “peter” winbind tries to authenticate them against the AD which
fails. Is there a way to “teach” winbind to try to authenticate every user
locally if they dont use DOMAIN\peter ?
Hope you understand my problem in spite of my bad English ☺
My configuration:
SLES11 SP0
samba-3.2.7-11.6
samba-winbind-3.2.7-11.6
krb5-1.6.3-133.10
smb.conf:
[global]
workgroup = DOMAIN
netbios aliases = SAMBASERVER
interfaces = eth0, 127.0.0.1/8
bind interfaces only = Yes
;security = ADS
security = ADS
password server = 192.168.1.1
load printers = No
disable spoolss = Yes
show add printer wizard = No
;printcap name = cups
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
kernel oplocks = No
ldap ssl = no
printing = bsd
;cups options = raw
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
include = /etc/samba/dhcp.conf
log level = 1
realm = DOMAIN.DE
template homedir = /home/%D/%U
template shell = /bin/bash
usershare allow guests = No
winbind refresh tickets = yes
winbind offline logon = yes
idmap gid = 10000-20000
idmap uid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
idmap backend = ad
idmap config DOMAIN : backend = ad
winbind nss info = rfc2307
krb5.conf
[libdefaults]
default_realm = DOMAIN.DE
clockskew = 300
[realms]
DOMAIN.DE = {
kdc = 192.168.1.1
admin_server = 192.168.1.1
default_domain = domain.de
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.domain.de = DOMAIN.DE
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
minimum_uid = 1
}
Cheers,
Philipp
________________________________________________
S&L Netzwerktechnik GmbH
Philipp Braband
Networking Team
Florinstrasse 18
56218 Muelheim-Kaerlich
Telefon: +49 261 92736 308
Fax:
Email: [email protected]
www: http://www.sul.de
www: http://www.controlseries.de
www: http://www.monitoring-solution.de
________________________________________________
S&L Netzwerktechnik GmbH - Geschaeftsfuehrer Goetz Schmitt, Oliver Schmitt
Sitz der Gesellschaft: Muelheim-Kaerlich - Amtsgericht Koblenz HRB 135 53
USt-ID: DE 171698897 - USt-ID: Luxembourg LU 18934643
Diese E-Mail kann vertrauliche und/oder rechtlich geschuetzte Informationen
enthalten. Wenn Sie nicht der beabsichtigte Empfaenger sind oder diese E-Mail
irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender
telefonisch oder per E-Mail und loeschen Sie diese E-Mail aus Ihrem System. Das
unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht
gestattet. Wir haften nicht fuer die Unversehrtheit von E-Mails, nachdem sie
unseren Einflussbereich verlassen haben.
This e -mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please
notify the sender immediately by call or e-mail and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the material in this e-mail
is strictly forbidden. We are not responsible for the integrity of e-mails
after they have left our sphere of control.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
