[Samba] Samba as fileserver in an Windows AD Domain
Daniel Bauer
mlist at dsb-gmbh.de
Wed Oct 28 12:46:44 MDT 2009
Hallo,
I tried to setup a SuSE10.2 with samba 3.0.23d (but the same trouble with
SuSE11.1).
I got a valid Kerberos Ticket and joined successfully the domain (with net
join).
Users and group are displayed with wbinfo -u / -g . I could also verify
accounts with wbinfo -a user%pass.
When I tried to access the shares, the dialog apears to give the
credentials. It doesn't matter what you fill in, there is no access.
I also could not get users and groups with getent passwd / group. I tried
different configs of
/etc/nsswitch.conf with different results:
only local accounts will be showed:
passwd: compat
group: compat
local account and the group BUILTIN
passwd: files winbind
group: files winbind
here are the local account, the BUILTIN group and a new entry like this:
"+::0:" are displayed
I think there is a problem with matching Windows LDAP with *nix LDAP
passwd: files winbind ldap
group: files winbind ldap
My /etc/smb.conf:
[global]
workgroup = WIN2003SRV
security = ADS
realm = win2003srv.loc
idmap backend = ad
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%D/%U
winbind separator = +
password server = 10.1.2.154
domain master = No
ldap ssl = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
encrypt passwords = yes
client use spnego = yes
wins server = 10.1.2.154
I see successful logins at the Windows DC.
Do I need LDAP, or is Kerberos enough?
Could somebody tell me what I do wrong?
Thanks a lot
Daniel
More information about the samba
mailing list