[Samba] W2k8r2 and samba 3 integration

L.P.H. van Belle belle at bazuin.nl
Wed Dec 4 07:07:52 MST 2013 

for good info about this look here. 

http://www.danbishop.org/2012/06/02/ubuntu-12-04-ultimate-server-guide/ 
and here 
http://blog.scottlowe.org/2007/07/09/linux-ad-integration-with-windows-server-2008/ 

these where very usefull for me. 


Louis



>-----Oorspronkelijk bericht-----
>Van: harfordmeister at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens paul harford
>Verzonden: woensdag 4 december 2013 14:45
>Aan: steve; samba at lists.samba.org
>Onderwerp: Re: [Samba] W2k8r2 and samba 3 integration
>
>Hi Steve
>i've just noticed after making the changes you mentioned the 
>getent passwd
>doesn't return the list of domain users now neither does getent groups
>
>wbinfo - u and -g booth still return the list of domain users 
>and groups
>
>Paul
>
>
>On 4 December 2013 11:14, steve <steve at steve-ss.com> wrote:
>
>> On Wed, 2013-12-04 at 11:04 +0000, paul harford wrote:
>> > Hi Steve
>> > Yes the nas is joined to the domain. When i do wbinfo -u and -g all
>> > looks good when i do getent passwd i can see all the users and the
>> > same for groups.
>> >
>> >
>> > i didn't stick up the share config but its listed below
>> >
>> >
>> > [tshare]
>> >
>> >         valid users = @"Domain removed\domain 
>admins",@"Domain removed
>> > \domain users"
>> >
>> >         path = /testpool/tshare
>> >
>> >         write list = @"Domain removed\domain 
>admins",@"Domain removed
>> > \domain users"
>> >
>> >
>> > This was just a test share but basically there will be 
>user share on
>> > the NAS and we want to restrict the share to certain users 
>and groups
>> > etc
>> >
>> >
>> > haven't heard of the keytab before can you explain ?
>> >
>>
>> >
>> > Thanks for the response its appreciated
>> >
>> >
>> > Paul
>>
>> Hi
>> Phew. AD, kerberos and keytabs would need a whole book to 
>describe but
>> basically, with kerberos, not only does the user have to 
>prove himself,
>> but also the machine on which he is working has to too. 
>Hence the keytab
>> which must contain the machine key. This can be produced when the
>> machine is joined to the domain or, if you forgot, afterwards as
>> outlined below.
>>
>> Add to smb.conf:
>> kerberos method = system keytab
>>
>> now issue:
>> net ads keytab create -UAdministrator
>> and enter the windows Administrator password
>>
>> That should get us to the next stage or give errors which 
>will help us
>> further.
>>
>> Meanwhile, what does
>> /etc/krb5.conf
>> look like?
>>
>> Cheers,
>> Steve
>>
>>
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list