You still need UNIX users and groups, but you don't need to create them by hand; winbind can take care of that for you.

Other than the buzzword of ADS, there is not much difference between ADS and NT4-style auth (at least to the user; the protocols are different).

I'd look at the winbind chapter first.

-Tom

James McDonald wrote:
I have read and followed http://samba.mirror.aarnet.edu.au/samba/docs/man/domain-member.html#ads-member regarding setting up a samba 3 box as an ADS Domain Member.

But I am unsure of how it is supposed to work in real life.

Do you still need unix groups on the samba 3 machine to map to the ADS groups? I noticed some ldap idmap dn settings but am uncertain if this can work off the Win2k ADS or does it require a special schema.

When I run smbclient -k //windows2000server/share from my samba 3 box it fails until I run kinit [EMAIL PROTECTED]. Is this correct?

I suppose my understanding of the samba 3 ADS architecture is somewhat limited, and reading the documentation helps, though it perhaps assumes a lot of givens, so maybe I need to have a dialogue with someone who has 'been there done that' in relation to setting up a samba 3 box as a windows 2000 member server. If what I am providing is not correct please flame me till I get it right.... I would like to learn more about Samba's setup/configuration.


My setup is as follows


A Win2k DC Running in a VMWARE Session on a "Linux RH9 box running Samba Version CVS 3.1.0alpha1"

my /etc/krb5.conf

[libdefaults]
ticket_lifetime = 24000
default_realm = JMCD.LOCAL

[realms]
JMCD.LOCAL = {
 kdc = dc1.jmcd.local:88
 admin_server = dc1.jmcd.local:749
 default_domain = jmcd.local
}

[domain_realm]
.jmcd.local = JMCD.LOCAL
jmcd.local = JMCD.LOCAL


# /etc/smb.conf


# Global parameters
[global]
       workgroup = JMCD
       realm = JMCD.LOCAL
       security = ADS
       password server = dc1.jmcd.local:389
       client NTLMv2 auth = Yes
       client lanman auth = No
       client plaintext auth = No
       local master = No
       ldap ssl = no
       idmap backend = ldap:ldap://dc1.jmcd.local
       printing = cups

[homes]
       valid users = %S
       read only = No
       browseable = No

[printers]
       path = /tmp
       printable = Yes
       browseable = No



