[Samba] Samba <- Winbind -> Windows 2003 ADS Questions
kel.way at magotteaux.com
Fri Nov 7 16:20:25 GMT 2003

Hi everyone,

I'm relatively new to Samba - at least for more in-depth installations.
Big Thank-You from my company to the brilliant developers responsible for
this software. We have our Samba server integrated with our Windows 2003
AD domain users via Winbind - a working installation with some issues
described below. getent passwd works as the many docs show (one entry
below):

MYCOMPANY+jsmith:x:10890:10000:John Smith:/home/MYCOMPANY/jsmith:/bin/bash

When logged on to a Windows XP machine as MYCOMPANY\jsmith and attempting
to connect to the smith share, access is denied. A check of the logs with
level=10 shows that XP is passing MYCOMPANY.ORG+jsmith, and I'm therefore
required to use the format MYCOMPANY.ORG+jsmith as a valid user. This is
inconsistent with the various documents I've seen on the procedure which
show the format for valid users as MYCOMPANY+jsmith.

Additionally, I'm trying to set up home directories on this Samba box, and
so I had to create a directory: /home/MYCOMPANY.ORG/jsmith (note my
smb.conf entry: template homedir = /home/%D/%U). You'll note from the 'getent
passwd' output above that the home is actually listed as
/home/MYCOMPANY/jsmith. So, the result is that if I log into the console
as MYCOMPANY+jsmith, it looks for /home/MYCOMPANY/jsmith, and if I connect
to the homes share via Samba, it looks for /home/MYCOMPANY.ORG/jsmith.
Not the way I'd like it to be.

I've been through various documentation sources (my desk is quite out of
control with Samba docs), so I apologize if a reason and solution is
clearly documented somewhere. I spent the last hour searching and I cannot
find a solution. Perhaps someone here can assist me.

Many Thanks,
Kel Way

Samba 3 from source (latest as of yesterday)
krb5-1.3.1-6
openldap-2.1.22-6
Fedora Core .95 Severn

krb.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = MYCOMPANY.ORG
 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 forwardable = true
 proxiable = true
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 MYCOMPANY.ORG = {
  kdc = nash-dc-01.mycompany.org:88
  admin_server = nash-dc-01.mycompany.org:749
  default_domain = mycompany.org
 }

[domain_realm]
 .mycompany.org = MYCOMPANY.ORG
 mycompany.org = MYCOMPANY.ORG

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

Snip from smb.conf:

[global]
   log level = 10
   realm = MYCOMPANY.ORG
   security = ADS
   encrypt passwords = yes
   workgroup = MYCOMPANY
   password server = nash-dc-01.mycompany.org
   # winbind config
   winbind separator = +
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/%D/%U
   template shell = /bin/bash
   #client use spnego = yes
   #winbind use default domain = yes
   server string = Nashville File and Print Server
   log file = /var/log/samba/%m.log
   # Put a capping on the size of the log files (in Kb).
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   wins server = 209.93.144.12
   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700

[myshare]
   comment = Mary's and Fred's stuff
   path = /maryfred
   valid users = MYCOMPANY.ORG+jsmith
   public = no
   writable = yes
   printable = no
   create mask = 0765
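
Added example, not part of the original post and not Samba code: a small Python check for the mismatch described above, where a valid users entry names a DOMAIN+user form that getent passwd does not list, so template homedir expands to a different path than the one NSS reports. The input is constructed from the post's own values; parse_smb_conf and audit are hypothetical helper names, and the fallbacks used when winbind separator or template homedir are unset are assumed to be the Samba defaults.

```python
import re

# Constructed sample input, reduced from the smb.conf and getent output in the post.
SMB_CONF = """\
[global]
realm = MYCOMPANY.ORG
workgroup = MYCOMPANY
winbind separator = +
template homedir = /home/%D/%U
[myshare]
valid users = MYCOMPANY.ORG+jsmith
"""
GETENT = "MYCOMPANY+jsmith:x:10890:10000:John Smith:/home/MYCOMPANY/jsmith:/bin/bash\n"

def parse_smb_conf(text):
    """Return {section: {parameter: value}} for an ini-style smb.conf."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = conf.setdefault(m.group(1).strip().lower(), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf_text, getent_text):
    """Flag valid users entries whose DOMAIN<sep>user form is absent from getent."""
    conf = parse_smb_conf(conf_text)
    g = conf.get("global", {})
    sep = g.get("winbind separator", "\\")               # assumed Samba default
    template = g.get("template homedir", "/home/%D/%U")  # assumed Samba default
    known = {f[0].lower(): f[5] for f in (l.split(":") for l in getent_text.splitlines()) if len(f) >= 7}
    findings = []
    for share, params in conf.items():
        for name in params.get("valid users", "").replace(",", " ").split():
            # Skip group-style entries (@, +, & prefixes) and names NSS already lists.
            if name[0] in "@+&" or sep not in name or name.lower() in known:
                continue
            domain, user = name.split(sep, 1)
            expanded = template.replace("%D", domain).replace("%U", user)
            nss = [home for n, home in known.items() if n.endswith(sep + user.lower())]
            findings.append((share, name, expanded, nss))
    return findings

if __name__ == "__main__":
    print(audit(SMB_CONF, GETENT))
```

Each finding is (share, valid users entry, home directory the template yields for that domain form, home directories getent reports for the same user name), so a non-empty result shows where the two domain forms diverge.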