Dimitri Yioulos wrote:
On Tuesday 13 September 2005 11:09 am, Jason Gerfen wrote:
I am having a hard time getting Samba to authentication correctly
against a Windows Active Directory setup.
Here is a snap of the smb.conf
[global]
passdb backend = ldapsam
security = domain
password server = server1.com server2.com
prefered master = No
local master = no
hide unreadable = yes
wins support = no
winbind use default domain = yes
domain master = No
netbios name = samba-newb
workgroup = scl
prefered master = no
dns proxy = no
idmap uid = 15000-20000
idmap gid = 15000-20000
realm = server.com
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody -s /bin/false %m$
use spnego = yes
server string = samba-newb
update encrypted = yes
domain logons = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
os level = 20
template shell = /bin/bash
template homedir = /home/%D/%U
[newb]
comment = newb
inherit acls = Yes
path = /usr/local/files/
read only = no
force group = users
force user = users
guest ok = no
I can run the net ads join command which works fine, but if I try to
authentication without a local account I am recieving errors. Any
assistance or pointers is appreciated.
--
Jason Gerfen
Student Computing Labs, University Of Utah
[EMAIL PROTECTED]
J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810
"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
Jason,
It looks like your smb.conf is set up more for a Samba PDC than for a member
server in a Windows AD. Are you looking to make your Samba server a member
server? If so:
security = ads
wins server = ip.of.your.winsserver
I don't believe you need:
passdb backend = ldapsam
Is kerberos installed, and do you have krb5.conf set up properly?
I removed the passdb backend = ldapsam
Kerberos is installed and the krb5.conf is working as the kinit and
klist work for gathering the TGT's
I also modified the server to = ads
I don't have a wins server, so that is not configured.
I am still experiencing the same problems with having this work as a
member server. Any other tips out there?
Dimitri
--
Jason Gerfen
"My girlfriend threated to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
