Working Samba 3 config serving files with proper permissions via ADS security + Request for samba experts in the UK
Hafeez Bana
hafeez.bana at gmail.com
Sun Jul 22 07:54:25 MDT 2012
The scenario I am trying to implement is one where samba is joined to ADS
(done successfully) - but the machine doesn't authenticate logons via ADS -
I was it to use local /etc/passwd without the the /etc/passwd mirroring
accounts on the ADS.
Is this even possible?
Hafeez
On Sat, Jul 21, 2012 at 10:04 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> Hi Hafeez,
>
> On Fri, 2012-07-20 at 11:00 +0100, Hafeez Bana wrote:
> > Hi Guys,
> >
> > Does anyone have samba3 working by joining it to a domain with ADS
> security
> > enabled (with no local accounts mirroring the AD accounts)? If so could
> you
> > post your config and details of your setup? I've followed the guide but
> > whenever I try to access the share, I keep getting username/password
> > prompts which I know I am filling out correctly.
> >
> > Also if you are are a samba (both 3 and 4) expert and located in the UK -
> > would love to be able to tap into your expertise for a fee. Please get in
> > touch.
> >
> > Regards.
> > Hafeez
>
> don't know if it could help (I'm not a developer nor have a deep
> knowledge on that) but I managed to have 2 working AD DC with samba4
> (for now without s3fs enabled) and 2 samba3 servers joined to their
> domain with ADS security.
>
> All of the servers are ubuntu (10.04, 10.10 or 11.04 all 32 bit).
>
> The samba3 smb.conf looks like the examples you can find on the
> internet. Now I'm out of the office and without a good connection so I
> can't pick up a copy (I'll post it next if you want).
>
> The rules I followed are the ones in the wiki
> http://wiki.samba.org/index.php/Samba_%26_Active_Directory
>
> What I had to note you is:
> 1. assert you can see your dns server(s) or try adding it(them)
> directly to your /etc/hosts
> 2. assert kinit allows you to authenticate on DC(s)
> 3. double check nsswitch configuration to be like the one in the
> wiki
> 4. during join (for me) I was not able to add dns record (so I had
> to add them by hand on AD dns zones).
>
> Regards,
> Daniele.
>
>
>
More information about the samba-technical
mailing list