Hi John, read the chapter 7 (and most of the document, very well written btw)

I seem to be where I needed to already.

In one of your examples (7.3.4.1) "5. Validate the operation of this configuration by executing:" ...

It says that getent passwd administrator SHOULD return the administrator but I get nothing

Instead if I run getent passwd | grep administrator I get..

    DEV-DOMAIN+administrator:x:10007:10018:Administrator:/home/DEV-DOMAIN/administrator:/bin/false

Now obviously DEV-DOMAIN+ is the AD part of things, is this possible to be stripped out? Have I missed something in my smb/krb configuration?

Also my script basically looks at /etc/shadow and grabs out usernames and passwords and puts them to the various .htaccess auth files and squid auth file.

Now when I run getent shadow it only returns local account information.

My nsswitch.conf has;

    passwd: files winbind
    shadow: files winbind
    group: files winbind

Should I be seeing more info than just the local accounts?

If not, is there a way in which I can ask the AD / kerberos to provide that information? Wbinfo doesn't seem to have any option to show crypted passwords...

If it should be (as I am guessing by the "see chapter 7" bit previously replied to) any ideas why I can't seem to see them/get to them?

Many thanks

Ross

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra
Sent: 13 May 2005 12:06
To: samba@lists.samba.org
Subject: Re: [Samba] Samba 3.0.14a, Windows 2k3 and ADS

On Friday 13 May 2005 04:59, sysrm wrote:
> Thanks John,
>
> Is there any specific chapter I should be looking at?

Chapter 7 covers Samba as an ADS Domain Member server.

>
> Searches for the -F switch, adding accounts via samba etc didn't turn
> up anything.
>
> Also it seems to be written more with samba as the PDC, which isn't the
> case for me.

Nope. Chapter 7 deals with domain member servers and clients in general. It includes ADS members.

With ADS your Samba server should use Kerberos. To do that on RHEL3 will require a lot of work. RHEL3 has MIT KRB 1.2.7 - that will not play well with W2K3 ADS for which at least 1.3.4 is needed.

Further comments below.

>
> Thanks anyways
>
> Ross
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of John H Terpstra
> Sent: 13 May 2005 11:32
> To: samba@lists.samba.org
> Subject: Re: [Samba] Samba 3.0.14a, Windows 2k3 and ADS
>
> Ross,
>
> You may find some useful info in the book "Samba-3 by Example" that
> answers your questions. It can be downloaded from:
>
> http://www.samba.org/samba/docs/Samba-Guide.pdf
>
>
> Cheers,
> John T.
>
> On Friday 13 May 2005 04:21, sysrm wrote:
> > Hi all
> >
> > Thanks for everyone's help so far with trying to get these all working.
> >
> > I am now at the stage where I can logon to the domain and access a
> > samba share without having to enter in a username password (i.e.
> > samba is using AD to authenticate)
> >
> > My system is setup like so:
> >
> > Windows 2k3 PDC (so I get group policy features, bad password
> > attempts, account expiry etc) Samba 3.0.14a on RH es3 linux
> > FileStore ( peoples Home drive email etc )
> >
> > Now I have a couple of questions...
> >
> > 1. I can use the net rpc add user command to add users, when I do
> > this they are disabled in windows AD, and I've been unable to find
> > any documentation of the -F switch (which is where I assume you can
> > say if they are disabled, what their home directory is, and where to
> > map it
> > etc)

I am documenting this now in the Samba-HOWTO-Collection.

> > 2. In various howto's docs etc people talk about using samba as the
> > pdc and open ldap etc. Is the above system using LDAP ? i.e. Windows
> > 2k3 AD ? Or is what I have using kerberos?

Kerberos.

> > 3. Assuming I'm not using ldap, I have a script that currently runs
> > every 15 mins and brings out a user,cryptpasswd list of my users and
> > gives it out to various services (such as .htaccess and squid)
> > Either by using ldap or another way, how is this possible to do?
> > Since the users are no longer on the linux box (locally)

Use winbind - see chapter 7.

- John T.

> > Many thanks!
> >
> > Ross
>
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba