[Samba] Integrating samba with existing AD
Robert Freeman-Day
presgas at gmail.com
Wed Jul 20 07:38:58 MDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/20/2011 04:44 AM, Thibaut POUZET wrote:
> Hi everyone,
>
>
>
> I am currently trying to set-up a samba server in my network in order to
> replace the existing windows samba server. It's been now two weeks that I am
> struggling with a vicious problem, and I cannot see any issue right now.
> Before I loose all my hairs, I am sharing with you this problem : hopefully,
> someone will have a tip for me.
>
>
>
> The software involved :
>
> Server Linux CentOS 5.6
>
> Windows 2003 Serveur R2 with working AD and another DNS server working just
> fine.
>
> # rpm -qa | grep samba
>
> samba-3.0.33-3.29.el5_6.2
>
> samba-common-3.0.33-3.29.el5_6.2
>
> samba-client-3.0.33-3.29.el5_6.2
>
> # rpm -qa | grep krb
>
> pam_krb5-2.2.14-18.el5
>
> pam_krb5-2.2.14-18.el5
>
> krb5-libs-1.6.1-55.el5_6.1
>
> krb5-devel-1.6.1-55.el5_6.1
>
> krb5-workstation-1.6.1-55.el5_6.1
>
> krb5-libs-1.6.1-55.el5_6.1
>
>
>
> The smb.conf
>
> http://pastebin.com/9iCd1meR
>
>
>
> The krb5.conf
>
> http://pastebin.com/nJ2DuBFi
>
>
>
> In the nsswich.conf
>
> passwd: files ldap winbind
>
> shadow: files ldap
>
> group: files ldap winbind
>
>
>
> The problem (Everything seems to work just fine ):
>
> # kinit -V thibaut
>
> Password for thibaut at WORK-NETWORK.COM:
>
> Authenticated to Kerberos v5
>
>
>
> # net join -S pwdsrv -U Thibaut
>
> Thibaut's password:
>
> Using short domain name -- WORK
>
> DNS update failed!
>
> Joined 'smbsrv' to realm 'WORK-NETWORK.COM'
>
>
>
> wbinfo -u
>
> wbinfo -g
>
> getent passwd
>
> getent group
>
> => All of them returns all I want (users and groups, with locals for the
> last two commands)
>
>
>
> # smbclient -L localhost -U Thibaut
>
> Password:
>
> Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]
>
>
>
> Sharename Type Comment
>
> --------- ---- -------
>
> IPC$ IPC IPC Service (Server blabla)
>
> thibaut Disk Home Directories
>
> Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]
>
>
>
> Server Comment
>
> --------- -------
>
> SMBSRV Serveur blabla
>
>
>
> Workgroup Master
>
> --------- -------
>
> WORK
>
>
>
> . and that's all. The windows clients can connect and see some shares (I
> guess thank's to passthru), for instance I can see my home folder and the
> printers folders, but not the others as with smbclient. Furthermore, Even if
> I can see the roots folders, I cannot parse them : I am prompted a
> login+password form when I try to enter the "Thibaut" folder, for instance.
> I think I am connected as a guest user, but I am not sure of that.
>
> And when I try to access the folder Thibaut, I got some logs :
>
>
>
> [2011/07/20 09:50:38, 2] lib/access.c:check_access(323)
>
> Allowed connection from (a.b.c.d)
>
> [2011/07/20 09:50:38, 2] smbd/service.c:make_connection_snum(617)
>
> user 'WORK\thibaut' (from session setup) not permitted to access this
> share (thibaut)
>
>
>
> So where am I going wrong ? L
>
>
>
> Thibaut.
>
I would first migrate from the no longer supported 3.0.x codebase to
something supported by the samba team:
http://wiki.samba.org/index.php/Samba3_Release_Planning
I wrote up a quicky migration how-to so that people can move from the
samba packages to RHEL's introduced samba3x packages. Perhaps that can
help you move over:
https://uisapp2.iu.edu/iukc-prd/pages/viewpage.action?pageId=137093
Robert
- --
________
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4m2m4ACgkQup357T5MfTY6QQCfQMi/ZzNbOIGu7VnAzkbEPWO9
bpIAoJ2bEMrax0GftjvG618//WNCc23W
=1eYc
-----END PGP SIGNATURE-----
More information about the samba
mailing list