[Samba] Authentication against AD
Morten-Christian Bernson
mcb at uib.no
Thu Nov 13 18:49:56 GMT 2003
We have a FreeBSD webserver with Samba 2.2.8. It has been set up as a
member-server of our active directory domain, and all seems good so
far.
What I want is to let a set of users access a share (www) as the
www-user, and they should authenticate against AD, and they should not
need an account on the BSD machine at all. I don't want any add user
script and so on, I only want them to access the share if they are one
of the defined users, and the password is aproved by the windows
servers.
This is how the config looks now:
[global]
workgroup = KJ
netbios name = Pauling
server string = Webserver
max open files = 1000
preferred master = no
character set = ISO8859-1
client code page = 437
case sensitive = yes
log file = /var/log/samba/log.%m
max log size = 500
security = domain
password server = *
encrypt passwords = yes
socket options = TCP_NODELAY
deadtime = 15
password level = 3
debug level = 1
wins server = <Our wins-servers>
dns proxy = no
I want a www-share something like this:
[www]
comment = Webfiles
path = /www
public = no
writeable = yes
browseable = yes
force user = www
force group = www
valid users = uib\mcb, uib\nkjmb, student\st01654
But it doesn't work, and I suspect it's the valid users that doesn't
understand the domain\ part.
Any ideas on how I can accomplish what I want?
Some info:
The server is a part of the KJ-domain, which is under the UIB-domain
in AD. The users are in the UIB-domain (the top of the forest) and in
the STUDENT-domain (which is a trusted domain in its own forest).
--
Morten-Christian Bernson
System Administrator
Department of Chemistry, University in Bergen
More information about the samba
mailing list