Thanks Sharif, I'll give that a go.

----- Original Message -----
From: "sharif islam" <[EMAIL PROTECTED]>
To: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, November 12, 2004 3:20 PM
Subject: Re: [Samba] General Questions: Regards ADS

> On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman
> <[EMAIL PROTECTED]> wrote:
> > I have been playing with getting my samba server to participate in an Active
> > Directory domain for some time and have noticed a couple things about when I
> > get the machine working (or so I think). One is that when the machine joins
> > the domain it always shows up as a domain controller. I don't want this to
> > happen. I simply wish for it to be able to authenticate users to its share
> > based on the domain users. Therefore, only users on the domain should be
> > able to get to the samba shares! Up to this point I have been doing the
> > following:
> >
> > 1. realm = MY.REALM
> > 2. security = ADS
> > 3. encrypt passwords = yes
> > and configuring my winbind file.
> >
> > Is this all I have to do? Do I have the wrong impression as to what ADS
> > security provides? Again, all I want to do is avoid having to create a user
> > for EVERYone on my domain and to allow domain users to authenticate to the
> > samba shares.
>
> That is right. AFAIK, if you don't tell the samba machine to be a
> domain controller it won't be one. It will act like a member server.
> The user should be able to authenticate via the ADS, no need to create
> local accounts. Here's my samba setting for ADS:
>
> [global]
> workgroup = REALM
> realm = REALM.ORG
> server string = Samba Server
> security = ADS
> password server = <your domain controller>
> log file = /var/log/samba/samba.log
> name resolve order = wins lmhosts host bcast
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> wins server = <if you are wins server>
> idmap uid = 10000-600000
> idmap gid = 10000-600000
> winbind cache time = 600
> winbind use default domain = Yes
> strict allocate = Yes
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
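An added example, not part of the original thread and not Samba's own tooling: a small Python audit of an smb.conf [global] section that checks the member-server settings discussed above (security = ADS, a realm, no logon-server or domain-master role, winbind idmap ranges). The function names and the sample text are constructed for illustration, and it assumes the Samba 3 era parameter names used in the quoted configuration.

```python
import re

# Constructed sample, modelled on the [global] section quoted in the thread.
SAMPLE = """\
[global]
   workgroup = REALM
   realm = REALM.ORG
   security = ADS
   domain master = No
   idmap uid = 10000-600000
   idmap gid = 10000-600000
"""

TRUE = {"yes", "true", "1"}

def parse_global(text):
    """Return {parameter: value} for [global]; names are case- and space-insensitive."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit_member_server(text):
    """List findings that keep the host from being a plain ADS member server."""
    p, findings = parse_global(text), []
    if p.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    if not p.get("realm"):
        findings.append("realm is not set (check the spelling of the key)")
    for key, label in (("domainlogons", "domain logons"), ("domainmaster", "domain master")):
        if p.get(key, "no").lower() in TRUE:
            findings.append(f"{label} is enabled; a member server leaves this off")
    for key, label in (("idmapuid", "idmap uid"), ("idmapgid", "idmap gid")):
        if not re.fullmatch(r"\d+\s*-\s*\d+", p.get(key, "")):
            findings.append(f"{label} range missing; winbind has no IDs to allocate")
    return findings

if __name__ == "__main__":
    for finding in audit_member_server(SAMPLE) or ["looks like an ADS member server"]:
        print(finding)
```

An empty list means the [global] section matches the member-server pattern; the domain join itself and the winbind service still have to be verified on the host.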
