Hello, Thanks for your response. So if I understand this correctly, the Kerberos authenticates the client for access to the share, but the smbusers file maps Windows accounts to UNIX accounts for file system access on the Samba server? Also, if I use the "force user =x" parameter on the share would I still be able to have the Windows "Domain Admins" group perform Read/Write/Delete operations on the share, and the "Domain Users" group perform only Read operations? If so, could you please provide a smb.conf example? Thanks again.
~ Rodre -----Original Message----- From: Gordon Hopper [mailto:[EMAIL PROTECTED] Sent: Sunday, May 08, 2005 11:08 PM To: Rodre Ghorashi-Zadeh Cc: [email protected] Subject: Re: [Samba] Samba & Win2k AD domain membership No, you don't need to run winbind (provided that all of your Samba users already have unix accounts, or you list them in your smbusers file). I use Samba+Kerberos (with Active Directory) without running winbind. I didn't modify my pam settings because I'm using Kerberos only for Samba. Note that, in this scenario, my AD users cannot log in to the box (with e.g. telnet). Also, I map the file permissions with "force user = x", since the users don't have a read uid on the box. (Also, I can't access AD groups without winbind... There are some downsides, but Samba does work without it.) Regards, Gordon Hopper On Sat, 2005-05-07 at 13:17 -0700, Rodre Ghorashi-Zadeh wrote: > Hello, > > I am trying to setup my samba server version 3.0.10-1.fc3 as a Win2k Domain > Member. What I need to know is once I have ADS security and Kerberos > working, do I still need to use winbind or ldap for client authentication or > will Kerberos take care of it? > > > > Rodre Ghorashi-Zadeh > > Chief Systems Engineer > > Conduit Technical Environments Corporation > > 604.785.4888 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
