I've got my smb.conf set as follows:

[global]
disable spoolss = Yes
show add printer wizard = No
security = ADS
log level = 1
realm = FOO.BAR.COM
password server = dc.foo.bar.com
workgroup = FOO
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
idmap backend = ad
winbind nss info = rfc2307
use kerberos keytab = yes
client lanman auth = no
client ntlmv2 auth = yes
idmap uid = 10000-15000
idmap gid = 5000-6000
winbind refresh tickets = yes

When I connect to a share from a test workstation logged in as me, it takes a while to connect. In the logs, I see this:

[2008/11/10 11:58:05,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
  Username FOO+WORKSTATIONNAME$ is invalid on this system

I presume this is because I have rfc2307 set for winbind nss info? The behaviour I want, which I am seeing, is that only users in AD which have Unix UIDs defined show in getent passwd. Do I need to add a more general pool for RIDs so that they can be generated on the fly for computer accounts?

I am trying to use winbind as a general authentication-against-AD mechanism on lots of servers, but on the servers that run smbd, I also want to be able to serve files to XP clients as 'normally' as possible.

I'd appreciate any advice...

Cheers,
Paul
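
A small log scan for the message quoted in the post, as an added example that is not part of the original message: it reads smbd's two-line log entries and separates rejected machine accounts (names ending in `$`) from rejected user accounts. The sample log is constructed (only its first entry comes from the post), and the function names and the `separator` parameter are this example's own, with the default taken from `winbind separator = +` in the posted smb.conf.

```python
import re
from collections import Counter

# Entry header: "[date time,  level] source.c:function(line)"
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\] (?P<where>\S+)")
# Indented message body, as quoted in the post
INVALID = re.compile(r"^\s+Username (?P<name>\S+) is invalid on this system")

# Constructed sample log: only the first entry is taken from the post.
SAMPLE_LOG = """\
[2008/11/10 11:58:05,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
  Username FOO+WORKSTATIONNAME$ is invalid on this system
[2008/11/10 11:58:09,  1] smbd/service.c:make_connection_snum(1033)
  workstationname (192.0.2.10) connect to service share initially as user paul (uid=10001, gid=5000) (pid 4242)
[2008/11/10 12:03:41,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
  Username FOO+WORKSTATIONNAME$ is invalid on this system
[2008/11/10 12:04:02,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
  Username FOO+alice is invalid on this system
"""

def failed_mappings(log_text, separator="+"):
    """Return (timestamp, source, domain, account, is_machine) per rejected name."""
    results = []
    header = None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            header = m  # remember the entry this body line belongs to
            continue
        m = INVALID.match(line)
        if m and header:
            # Split DOMAIN<sep>account; a name without the separator has no domain part
            domain, _, account = m.group("name").rpartition(separator)
            results.append((header.group("ts"), header.group("where"),
                            domain, account, account.endswith("$")))
    return results

def summarize(results):
    """Count rejections separately for machine accounts and user accounts."""
    machines = Counter(r[3] for r in results if r[4])
    users = Counter(r[3] for r in results if not r[4])
    return machines, users

if __name__ == "__main__":
    machines, users = summarize(failed_mappings(SAMPLE_LOG))
    print("machine accounts:", dict(machines))
    print("user accounts:", dict(users))
```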
