[Samba] Samba 3 as a Windows 2000 ADS Domain Member
James McDonald
james at jamesmcdonald.id.au
Sun Dec 21 09:51:37 GMT 2003

I have read and followed
http://samba.mirror.aarnet.edu.au/samba/docs/man/domain-member.html#ads-member
regarding setting up a samba 3 box as an ADS Domain Member.
But I am unsure of how it is supposed to work in real life.

Do you still need unix groups on the samba 3 machine to map to the ADS
groups? I noticed some ldap idmap dn settings but am uncertain if this
can work off the Win2k ADS or does it require a special schema.

When I run smbclient -k //windows2000server/share from my samba 3 box it
fails until I run kinit USER@MY.REALM. Is this correct?

I suppose my understanding of the samba 3 ADS architecture is somewhat
limited and reading the documentation helps though perhaps assumes a lot
of givens so maybe I need to have a dialogue with someone who has 'been
there done that' in relation to setting up a samba 3 box as a windows
2000 member server. If what I am providing is not correct please flame
me till I get it right.... I would like to learn more about Samba's
setup/configuration.

My setup is as follows:

A Win2k DC Running in a VMWARE Session on a "Linux RH9 box running Samba
Version CVS 3.1.0alpha1"

my /etc/krb5.conf

[libdefaults]
    ticket_lifetime = 24000
    default_realm = JMCD.LOCAL

[realms]
    JMCD.LOCAL = {
        kdc = dc1.jmcd.local:88
        admin_server = dc1.jmcd.local:749
        default_domain = jmcd.local
    }

[domain_realm]
    .jmcd.local = JMCD.LOCAL
    jmcd.local = JMCD.LOCAL

# /etc/smb.conf
# Global parameters
[global]
    workgroup = JMCD
    realm = JMCD.LOCAL
    security = ADS
    password server = dc1.jmcd.local:389
    client NTLMv2 auth = Yes
    client lanman auth = No
    client plaintext auth = No
    local master = No
    ldap ssl = no
    idmap backend = ldap:ldap://dc1.jmcd.local
    printing = cups

[homes]
    valid users = %S
    read only = No
    browseable = No

[printers]
    path = /tmp
    printable = Yes
    browseable = No