For our Linux machines (SLES 10) we are using Kerberos and LDAP to authenticate against Active Directory (works perfectly).

Please note that the same configuration works with Windows 2003 Server; the problem is with Windows 2008 Server.

However, we are experiencing problems with winbind for the file share. I see the following errors in the "log.winbind-idmap" logfile:

    [2011/03/03 15:09:08.643286, 1] winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal)
      ad_idmap_init: failed to connect to AD
    [2011/03/03 15:09:08.643323, 1] winbindd/idmap_ad.c:326(idmap_ad_unixids_to_sids)
      ADS uninitialized: No logon servers

Users on Windows clients experience extremely poor performance (I guess timeouts from winbind, and I would also guess that winbind then assigns some kind of default ID and not the real uid/gid from AD).

The Unix Services for Windows is applied and the users have the correct UNIX settings (else LDAP / Kerberos auth would not work).

I have also tried backend = ldap:ldap://OurADServer which also does not work!!!

Here is our current configuration:

    samba3-3.5.2-43.suse101.x86_64.rpm
    samba3-cifsmount-3.5.2-43.suse101.x86_64.rpm
    samba3-client-3.5.2-43.suse101.x86_64.rpm
    samba3-debuginfo-3.5.2-43.suse101.x86_64.rpm
    samba3-doc-3.5.2-43.suse101.x86_64.rpm
    samba3-utils-3.5.2-43.suse101.x86_64.rpm
    samba3-winbind-32bit-3.5.2-43.suse101.i586.rpm
    samba3-winbind-3.5.2-43.suse101.x86_64.rpm

Samba Config

    [global]
    workgroup = MYDOMAIN
    password server = OurADServer
    domain master = no
    realm = MYDOMAIN.COM
    server string = ClearCase Server
    netbios name = OURNAME
    security = ADS
    encrypt passwords = yes
    winbind use default domain = Yes
    winbind nested groups = Yes
    client use spnego = Yes
    winbind enum users = Yes
    winbind enum groups = Yes
    template shell = /bin/bash
    template homedir = /home/%u
    log level = 2
    log file = /var/log/samba/%m
    max log size = 50
    winbind separator = +
    #idmap uid = 40000-50000
    #idmap gid = 40000-50000
    winbind offline logon = true
    winbind cache time = 5
    winbind refresh tickets = true
    map to guest = Bad User
    username map = /etc/samba/users.map
    max open files = 11000
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    ldap ssl = No
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    idmap backend = ad
    ldap idmap suffix = dc=mydomain,dc=com
    ldap admin dn = CN=bindUserFromAD,OU=Siteroles,OU=HAM,DC=mydomain,dc=com
    ldap suffix = dc=mydomain,dc=com
    usershare allow guests = Yes
    directory security mask = 0775
    kernel oplocks = No
    create mask = 0775
    directory mask = 0775
    map archive = No
    oplocks = No
    level2 oplocks = No

    [vobs]
    comment = Vob storage directory
    path = /vobs
    valid users = @"MYDOMAIN+ccusers"
    writeable = Yes
    create mask = 0775
    force directory mode = 0775

    [vobstore]
    comment = Vob storage directory
    path = /vobstore
    valid users = @"MYDOMAIN+ccusers"
    writeable = Yes
    create mask = 0775
    force directory mode = 0775

    [ccviews]
    comment = View storage directory
    path = /ccviews
    valid users = @"MYDOMAIN+ccusers"
    writeable = Yes
    create mask = 0775
    force directory mode = 0775

Thanks for any assistance :)

Matt
