[Samba] samba Active directory and SSO
Bruno Guerreiro
bruno.guerreiro at ine.pt
Fri Dec 16 16:37:26 GMT 2005
Hi,
I think there is one thing or two you must change.
> -----Original Message-----
> From: M.Sebbane at aui.ma [mailto:M.Sebbane at aui.ma]
> Sent: sexta-feira, 16 de Dezembro de 2005 15:48
> To: samba at lists.samba.org
> Subject: [Samba] samba Active directory and SSO
>
> Dear all,
>
> I guess there were a lot of posts about this subject, but Im
> really stuck & prefer start a new thread hoping that some of
> you won't mind re-posting to help the Samba NewBie that I am.
>
> well, here is my situation:
> - more than 1000 users on a hetegenous network, One Domain &
> the need to keep only one.
>
> - I need my Linux Boxes' users to get authenticated against a
> single AD, therefore I installed Samba 3 on a redhat 9 kernel 2.4,
>
> - smbd, nmbd & Winbind are running
>
> - the linux boxes joined my domain using the command
> [root at LinuxBox root]#net ads join -U Administrator%password
>
> - I am able to view the list of the users in the AC, with:
> [root at LinuxBox root]#/usrlocal/samba/bin/wbinfo -u
>
> HOWEVER, I get the listing in the format username not the supposed
> MYDAMAINNAME+username
>
> furthermore, when I try to logon the linuxbox using one of my
> AD users, I simply cannot Please find below my config files:
> smb.conf, /pam.d./login & /etc/nsswitch
>
> Thank you very much for reading my post & Please let me know
> if you need anymore information....
>
> Best Regards,
>
> smb.conf
>
> #======================= Global Settings
> =====================================
> [global]
<--snip -->
> winbind usedefault domain = yes
I think this must be set to no in order to show also the MYDOMAIN part,i.e
winbind use default domain = no
According to man 5 smb.conf you should set also winbind separator:
winbind separator (G)
This parameter allows an admin to define the character used
when
listing a username of the form of DOMAIN \user. This
parameter
is only applicable when using the pam_winbind.so and
nss_win-
bind.so modules for UNIX services.
Please note that setting this parameter to + causes
problems
with group membership at least on glibc systems, as the
charac-
ter + is used as a special character for NIS in /etc/group.
Default: winbind separator = â\â
Example: winbind separator = +
> ===================================
> Sebbane Mehdi
> Network & Systems Administrator
> ITS Department
> Alakhawayn University
> Ifrane 53000
> Morocco
> Voice : +212 (0) 55 86 24 23
> Fax: +212 (0) 55 86 24 24
> www.aui.ma
> ===================================
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
Best Regards,
Bruno Guerreiro
More information about the samba
mailing list