Re: [Samba] domain vs. ads

Fri, 04 Nov 2005 19:34:17 -0800 

OK. It looks like you are telling Samba to use Kerberos by putting it in
a realm. I believe the trick should be to make your Samba server look
like an NT4 server (one that doesn't understand ADS). Then is should be
able to join using the pre-ADS protocol.


Jason Gerfen wrote:
I have. You see the problem I am having is dealing with some users using kerberos for authentication once I have joined the machine to the domain as server = ads.
I only need to authentication users against active directory for this particular machine so I set the server = domain and everytime I attempt to join using net rpc join I recieve errors that the domain is not valid. 

[EMAIL PROTECTED]:~> testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[odin]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Global parameters
[global]
       workgroup = SCL
       realm = SCL.DOMAIN
       server string = testmachine
       security = DOMAIN
       update encrypted = Yes
       password level = 20
       preferred master = No
       domain master = No
       idmap uid = 500-500000
       idmap gid = 500-500000
       winbind separator = /
       winbind cache time = 5
       winbind use default domain = Yes
       winbind nested groups = Yes

[odin]
       comment = ODIN
       path = /odin
       read only = No
       inherit acls = Yes


Gary Dale wrote:


Can you be more specific as to what you are looking for?
Non-Windows machines can use Samba to join NT or ADS domains without using Kerberos. This is quite normal. Kerberos is an optional feature that takes extra configuration.
Once in a domain, you can use the Windows groups to control access to shares.
Have you checked out the Samba Howtos and Samba by Example on the samba.org site? 


Jason Gerfen wrote:
I want a samba machine to be a member of the domain and authentication the users, but I do not want to use kerberos as authentication and I also want to limit or authentication users from a specific group. 

Examples of this?









--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to