I've got a domain member server configured as such:
Load smb config files from /etc/samba/smb.conf
Processing section "[videos]"
Processing section "[music]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = TEMPEST
server string = Media Server (%h) (Livingroom
Television)
security = DOMAIN
From the Official How To:
Example ConfigurationSamba as a Domain Member Server
This method involves addition of the following parameters in the
smb.conf file:
security = domainworkgroup = MIDEARTH
In order for this method to work, the Samba server needs to join the
MS Windows NT security domain. This is done as follows:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2559628
Use of this mode of authentication requires there to be a standard
UNIX account for each user in order to assign a UID once the account
has been authenticated by the Windows domain controller. This account
can be blocked to prevent logons by clients other than MS Windows
through means such as setting an invalid shell in the /etc/passwd
entry. The best way to allocate an invalid shell to a user account is
to set the shell to the file /bin/false. Domain controllers can be
located anywhere that is convenient. The best advice is to have a BDC
on every physical network segment, and if the PDC is on a remote
network segment the use of WINS (see Network Browsing for more
information) is almost essential.
An alternative to assigning UIDs to Windows users on a Samba member
server is presented in Winbind, Winbind: Use of Domain Accounts.
Also see:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#domain-member-server
map to guest = Bad User
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
wins server = density.aarcane.info
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
[videos]
comment = Rebirth local Videos
path = /media/local/videos
write list = @rebirth
force group = videos
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
[music]
comment = Rebirth local Music
path = /media/local/music
write list = @rebirth
force group = music
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
The server is not honoring domain accounts (the PDC honors domain
accounts and shows owners/groups as domain users without issue), but
this one is saying "Unknown username or bad password" when trying to
browse to it, and when you specify your domain username and password
manually in the prompt, it shows files and groups as REBIRTH/username
or
UNIX-GROUP/groupname instead of as domain users and groups.
below I've stopped the server, cleared out the old log files, and
restarted smbd (and nmbd) and double-clicked on rebirth in the windows
7
network pane.
ikari (10.0.0.241) is the client I'm using.
aarc...@rebirth:/var/log/samba$ ls
cores log.10.0.0.241 log.ikari log.nmbd log.smbd
aarc...@rebirth:/var/log/samba$ cat log.10.0.0.241
aarc...@rebirth:/var/log/samba$ cat log.ikari
[2010/12/29 16:04:30.647903, 0]
lib/util_sock.c:474(read_fd_with_timeout)
[2010/12/29 16:04:30.648046, 0]
lib/util_sock.c:1432(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection
reset by
peer.
aarc...@rebirth:/var/log/samba$ cat log.nmbd
[2010/12/29 16:03:44, 0] nmbd/nmbd.c:857(main)
nmbd version 3.5.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
aarc...@rebirth:/var/log/samba$ cat log.smbd
[2010/12/29 16:03:41, 0] smbd/server.c:1123(main)
smbd version 3.5.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2010/12/29 16:03:41.923307, 0]
printing/print_cups.c:108(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection
refused
[2010/12/29 16:03:41.928781, 0]
printing/print_cups.c:108(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection
refused
[2010/12/29 16:03:41.929413, 0] smbd/server.c:1169(main)
standard input is not a socket, assuming -D option
aarc...@rebirth:/var/log/samba$
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba