Hello All,
Your typical problem....I am trying to configure Samba-3.0.2-6.3E
on RedHat Linux. I have spent days trying to get this working. What I
would like to do is provide the ability to connect to Samba shares from
Windows, more specific, WinXP. What I want to avoid is having to manage
user accounts on both the Windows or AD side and the Unix side, thus
having authentication handled by AD. As I understand, to do this you
set the security in the smb.conf to Domain. Below I have shown my
smb.conf file. So far the only way I have been able to get this to work
is by setting security=server and password server = ADservername. I
have been searching high and low and can't find anything, most all for
earlier versions of Samba. One problem is the correct usage of "net
join" I have seen is used so many different ways I don't know which is
correct but I have been successful in adding the samba server to the
domain using "net join -S ADservername -U adminuserID". Here is my
smb.conf...
[global]
workgroup = domainname
realm = domainname.com
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
security = domain
password server = ADservername (have also tried *)
encrypt passwords = yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
os level = 33
wins support = no
wins server = winsservername
dns proxy = no
[Test]
comment = Home Directories
browseable = no
writable = yes
public = yes
guest ok = yes
When I try to run wbinfo -u , after adding the server to the domain
successfully, I get "Error looking up domain users." For kicks if I
actually try to map to the samba share from an XP desktop I have got one
of two errors
- no logon server available....
or
- no trust established....
In the winbind log I get "NT_STATUS_ACCESS_DENIED". I have even bought
the O'Reilly book Using Samba, followed the sample setup and still the
same problem. Disconcerting I can find concrete answers or examples
from such an awesome tool once it works. I am starting to think there
is a problem on the AD side of things.
Any help would be greatly appreciated.
What you really want to do is to configure your kerberos, then use security = ads. do a kinit [EMAIL PROTECTED], supply the password and then do net ads join to join the AD domain...
That should work :o)
Good luck
/Thomas
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
