AW: AW: [Samba] Help for Samba 3 and Win ADS

Dieter Wilkens D.Wilkens at kle.net
Thu Oct 30 10:49:19 GMT 2003


Hi Denis,

Thanks for help!
After trying several things out I finally worked it out ;-)

No I can connect with the useres from my WinDomain to the samba server - that's fine

But: How do I create vald shares for the several groups? How can I set the rights for the different folders for different Windows-users & Windows-groups? Has this be done on windows or on linux?

I just tried to set permissions with konqueror (if I type the name of my windomain in the field "user" I can see all valid entries in the field... So there is a connection to my PDC) to my existig samba share - but as soon as I try to create a folder from windows I get an error "permission denied" - the same happens if I try to change permissions from windows..
In windows I can see that I'm a valid user for this folder (all permisssions) but I can't change permissions on this folder an also I can't add files or folders to it....

I only changed the samba entry in the pam.d folder:

Auth		required	pam_winbind.so nodelay
Account	required	pam_winbind.so nodelay
Session	required	pam_winbind.so nodelay
Password	required	pam_winbind.so nodelay


 - do I have to change some more of these files to get this working?


Regards

   Dieter

-----Ursprüngliche Nachricht-----
Von: Denis M.J. [mailto:m21 at altern.org] 
Gesendet: Donnerstag, 30. Oktober 2003 06:04
An: Dieter Wilkens
Cc: samba at lists.samba.org
Betreff: Re: AW: [Samba] Help for Samba 3 and Win ADS


Hi Dieter,

There are several things you need to set up on the samba server for AD 
user to have access to it.

* To be in the AD/domain
    - smb.conf with the proper security mode, password server and realm
    - net join the AD
    - make sure the samba machine shows up in the list of trusted 
computers and is properly accessible (DNS and that kind)
    - make sure smbd, nmbd and winbind run
       you can than check the list of users with the command
        $ getent passwd

* To let users access unix services
    - set up nsswitch.conf so passwd and group also use winbind
    - set up pam properly, ie let it use winbind too.

I think this should work. At least that's what the doc says.
I am not really familiar with the error you're getting but it might be 
because you're not using winbind.
Quote from the doc:
"If winbindd is not running, smbd (which calls winbindd) will fall back to using purely local information from /etc/passwd and /etc/group and no dynamic mapping will be used."

So make sure winbind is running, the HOWTO explains how to add it to you 
/etc/init.d/samba.
It might vary depending on where you got samba from (official package or 
distribution package).
Chapter 21 is on winbind.

I hope it works out for you.
Denis

Dieter Wilkens wrote:

>Hi Denis,
>
>I just tried this but still I can't log on the samba server with a 
>domain user!
>
>If I try to do so I get the error:
>
>[2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017)
>  make_server_info_info3: pdb_init_sam failed!
>
>in the log file of the client on samba server...
>
>Is there anytihng else I have to adjust on the samba server?
>I sucessfully joined the domain with ADS and can see the server from my 
>windows machine - but as soon as I try to connect I get the error 
>(exept with one user that I created on the linux server....)!
>
>Any ideas?
>
>Here is my smb.conf
>
>**********************************************************************
>
>#======================= Global Settings ======================= 
>[global]
>        log file = /var/log/samba/log.%m
>        server string = %h server (Samba %v)
>        socket options = TCP_NODELAY
>        encrypt passwords = yes
>        security = ads
>        realm = <MYREALM>
>        workgroup = <MYDOMAIN>
>        password server = <MYWINPDC>
>        syslog = 0
>
>#====================== Shares ================================= 
>[daten] comment = Daten auf Debian
>path = /daten
>browsable = yes
>guest ok = yes
>
>**********************************************************************
>
>
>
>-----Urspr?ngliche Nachricht-----
>Von: Denis M.J. [mailto:m21 at altern.org]
>Gesendet: Dienstag, 28. Oktober 2003 21:52
>An: Dieter Wilkens
>Cc: samba at lists.samba.org
>Betreff: Re: [Samba] Help for Samba 3 and Win ADS
>
>
>If you're joining the AD you can use the mode ADS with the lines # smb.conf:
>    security = ADS
>    realm =  your.kerberos.realm
>    encrypt passwords = yes
>    password server = MYWINPDC
>
>please refer to section 7.4 (Domain Membership - Samba ADS Domain
>Membership) in the HOWTO.
>
>
>
>Dieter Wilkens wrote:
>
>  
>
>>Thanks for that hint.
>>I downloaded the HOTO and tried to make everything like descibed there
>>but it is still not working ;-(
>>
>>I set the 'security = domain" the 'workgroup = MYDOMAIN' and the
>>'password server = MYWINPDC' in the smb.conf and restartet samba. After 
>>that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get 
>>the following result:
>>
>>'realm must be set in smb.conf for ADS join to succeed.
>>ADS join did not work, faling back to RPC...
>>Joined domain MYDOMAIN'
>>
>> 
>>
>>    
>>
>>>>>From the PDC I can see the sambe server in ADS and in the network
>>>>        
>>>>
>>>   
>>>
>>>      
>>>
>>neighborhood. If I try to connect samba asks for a username and
>>password (should be OK with the DOMAIN-Admin.....). So I type in the 
>>Admin and PAssword but without getting a connection. In the logfile on 
>>the samba server there are the following lines in
>>'log.MYWINPDC':
>>
>>'[2003/10/28 10:18:50, 0] 
>>auth/auth_util.c:make_server_info_info3(1017)
>> make_server_info_info3: pdb_init_sam failed!
>>[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
>> make_server_info_info3: pdb_init_sam failed!
>>[2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017)
>> nake_server_info_info3: pdb_init_sam failed!'
>>
>>Any ideas wahts going wrong here?
>>
>>Regards
>>
>>  Dieter
>>
>>"Adam Williams" <adam at morrison-ind.com> schrieb im Newsbeitrag
>>news:Lgei.6Tu.1 at gated-at.bofh.it...
>> 
>>
>>    
>>
>>>>Just started to play around with Samba 3 (on debian 3.0) and a
>>>>win2000 domain. Can anyone help me to integrate the Samba server into 
>>>>the win domain? It should act as a file server for the useres and 
>>>>groups from
>>>>     
>>>>
>>>>        
>>>>
>>win
>> 
>>
>>    
>>
>>>>and therefor I need different rights and permissions for the
>>>>shares... Any help is appreciated ;-)
>>>>     
>>>>
>>>>        
>>>>
>>>See the Samba-HOWTO-Collection available on the Samba website.  It
>>>covers this in detail.
>>>
>>>--
>>>To unsubscribe from this list go to the following URL and read the
>>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>>   
>>>
>>>      
>>>
>> 
>>
>>    
>>
>
>
>
>  
>





More information about the samba mailing list