[Samba] Authentication against AD

Morten-Christian Bernson mcb at uib.no
Thu Nov 13 18:49:56 GMT 2003


We have a FreeBSD webserver with Samba 2.2.8.  It has been set up as a
member-server of our active directory domain, and all seems good so
far.

What I want is to let a set of users access a share (www) as the
www-user, and they should authenticate against AD, and they should not
need an account on the BSD machine at all.  I don't want any add user
script and so on, I only want them to access the share if they are one
of the defined users, and the password is approved by the windows
servers.

This is how the config looks now:

  [global]
    workgroup = KJ
    netbios name = Pauling
    server string = Webserver
    max open files = 1000
    preferred master = no
    character set = ISO8859-1
    client code page = 437
    case sensitive = yes
    log file = /var/log/samba/log.%m
    max log size = 500
    security = domain
    password server = *
    encrypt passwords = yes
    socket options = TCP_NODELAY
    deadtime = 15
    password level = 3
    debug level = 1
    wins server = <Our wins-servers>
    dns proxy = no

I want a www-share something like this:

  [www]
    comment = Webfiles
    path = /www
    public = no
    writeable = yes
    browseable = yes
    force user = www
    force group = www
    valid users = uib\mcb, uib\nkjmb, student\st01654

But it doesn't work, and I suspect it's the valid users that doesn't
understand the domain\ part.

Any ideas on how I can accomplish what I want?

Some info:
The server is a part of the KJ-domain, which is under the UIB-domain
in AD.  The users are in the UIB-domain (the top of the forest) and in
the STUDENT-domain (which is a trusted domain in its own forest).


-- 
Morten-Christian Bernson
System Administrator
Department of Chemistry, University in Bergen




