[Samba] Samba and active Directory
Dimitri Yioulos
dyioulos at firstbhph.com
Fri May 14 09:47:52 MDT 2010
On Friday 14 May 2010 11:28:05 am Dimitri Yioulos
wrote:
> On Friday 14 May 2010 5:11:20 am Andreas Hubert wrote:
> > hi all,
> >
> > yes the good old topic where most people have
> > a problem with :)
> >
> > I have a Windows 2003 Active Directory Server
> > and want that users on this directory are
> > able to login on a Samba Share. The
> > authentication with wbinfo -a user%password
> > works and I already joined the domain with
> > net ads join
> > I am also able to authenticate as directory
> > user with his directory password, BUT only if
> > this username also exists in the /etc/passwd
> > file. Users whose username is not in the
> > local passwd file cannot login. I use samba
> > Version 3.0.37 on Solaris 10, here is my
> > smb.conf:
> >
> > [global]
> > workgroup = ABC
> > realm = ABC.DE
> > server string = Samba Server
> > security = ADS
> > map to guest = Bad User
> > password server = ABCDC01.abc.de ABCDC02.abc.de
> > use kerberos keytab = Yes
> > log file = /var/log/samba/log.%m
> > max log size = 50
> > time server = Yes
> > os level = 65
> > local master = No
> > domain master = No
> > wins support = Yes
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > winbind separator = +
> >
> >
> > [test]
> > comment = test
> > path = /test
> >
> > read only = No
> >
> > The user ABC+corpus also exists locally and I
> > am able to logon with his Directory password
> > on the share, but not with the user ABC+ahu.
> > If I just do
> > useradd ahu
> > I am able to logon with this user!
> > What am I doing wrong? I also want that users
> > from the directory will be mapped to the
> > local user corpus from the access rights and
> > would do this with "force user = corpus" on
> > the share, would this be right?
> >
> > Thanks for any help
>
> Firstly, did you configure Kerberos properly?
> Nextly, and I could be wrong on this, but I
> think you need to change:
>
> valid users = ABC+corpus, ABC+ahu
>
> to:
>
> valid users = "@ABC+corpus" "@ABC+ahu"
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
Oops, sorry on the valid users piece. What I told
you applies to groups. But, since you have:
winbind use default domain = Yes
perhaps you only need to specify the user names
in "valid users".
Dimitri