[Samba] Problem: FreeBSD 5.4 and Samba 3.0.20 not working with ADS

Thomas Lesh TLesh at hss-mms.com
Mon Sep 19 18:12:11 GMT 2005 

Hello all,

I'm having a really difficult time with this setup.  I can communicate
with my Win2k3 PDC from my FreeBSD Samba file server by using the wbinfo
utility.  The wbinfo utility returns all of the information that I
expect it to successfully.  I've joined the Samba file server to the AD
already.  Users can access shared resources on the Samba file server
*ONLY IF* they have a local account on the Samba file server.  What am I
doing wrong, it's giving me massive headaches?!  Here are my config
files:

-------[ smb.conf ]-------
[global]
	workgroup = HELLO
	realm = HELLO.LOCAL
	server string = Samba File Server
	security = ADS
	auth methods = winbind
	password server = 192.168.20.5
	log level = 3
	log file = /var/log/samba/log.%m
	max log size = 100
	socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
	printcap name = cups
	preferred master = No
	domain master = No
	dns proxy = No
	wins server = 192.168.20.5
	ldap ssl = no
	idmap uid = 10000-20000
	idmap gid = 20000-30000
	winbind use default domain = Yes
	winbind trusted domains only = Yes
	invalid users = root
	acl group control = Yes
	inherit permissions = Yes
	inherit acls = Yes
	write cache size = 262144

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[public]
	comment = Public Share
	path = /home/pub
	admin users = Administrator
	read only = No
	create mask = 0664
	directory mask = 0775
	guest ok = Yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

-------[ krb5.conf ]-------
 [libdefaults]
        default_realm = HELLO.LOCAL

[realms]
	HELLO.LOCAL = {
        	kdc = champion.hello.local
		admin_server = champion.hello.local
        }

[domain_realm]
        .hello.local = HELLO.LOCAL

-------[ nsswitch.conf ]-------
group: compat files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: compat files winbind
passwd_compat: nis
shells: files
shadow: files winbind

-------[ /etc/pam.d/login ]-------
# auth
auth		required	pam_nologin.so		no_warn
auth		sufficient	pam_self.so		no_warn
auth		include		system
auth		sufficient	pam_winbind.so

# account
account		requisite	pam_securetty.so
account		include		system
account		sufficient	pam_winbind.so

# session
session		include		system

# password
password	include		system


Thanks for taking the time to check this out!
-Tom

More information about the samba mailing list