[Samba] Authentication against AD?
Dimitri Yioulos
dyioulos at firstbhph.com
Tue Sep 13 15:28:44 GMT 2005
On Tuesday 13 September 2005 11:09 am, Jason Gerfen wrote:
> I am having a hard time getting Samba to authentication correctly
> against a Windows Active Directory setup.
>
> Here is a snap of the smb.conf
> [global]
> passdb backend = ldapsam
> security = domain
> password server = server1.com server2.com
> prefered master = No
> local master = no
> hide unreadable = yes
> wins support = no
> winbind use default domain = yes
> domain master = No
> netbios name = samba-newb
> workgroup = scl
> prefered master = no
> dns proxy = no
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> realm = server.com
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> add machine script = /usr/sbin/useradd -c Machine -d
> /var/lib/nobody -s /bin/false %m$
> use spnego = yes
> server string = samba-newb
> update encrypted = yes
> domain logons = yes
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> encrypt passwords = yes
> os level = 20
> template shell = /bin/bash
> template homedir = /home/%D/%U
>
> [newb]
> comment = newb
> inherit acls = Yes
> path = /usr/local/files/
> read only = no
> force group = users
> force user = users
> guest ok = no
>
> I can run the net ads join command which works fine, but if I try to
> authentication without a local account I am recieving errors. Any
> assistance or pointers is appreciated.
>
> --
> Jason Gerfen
> Student Computing Labs, University Of Utah
> jason.gerfen at scl.utah.edu
>
> J. Willard Marriott Library
> 295 S 1500 E, Salt Lake City, UT 84112-0860
> 801-585-9810
>
> "My girlfriend threated to
> leave me if I went boarding...
> I will miss her."
> ~ DIATRIBE aka FBITKK
Jason,
It looks like your smb.conf is set up more for a Samba PDC than for a member
server in a Windows AD. Are you looking to make your Samba server a member
server? If so:
security = ads
wins server = ip.of.your.winsserver
I don't believe you need:
passdb backend = ldapsam
Is kerberos installed, and do you have krb5.conf set up properly?
Dimitri
More information about the samba
mailing list