[Samba] Samba and W2K AD
Thomas Munck Steenholdt
tmus at tmus.dk
Tue Apr 20 19:33:37 GMT 2004
FitzGerald, AJ wrote:
> Hello All,
> Your typical problem....I am trying to configure Samba-3.0.2-6.3E
> on RedHat Linux. I have spent days trying to get this working. What I
> would like to do is provide the ability to connect to Samba shares from
> Windows, more specific, WinXP. What I want to avoid is having to manage
> user accounts on both the Windows or AD side and the Unix side, thus
> having authentication handled by AD. As I understand, to do this you
> set the security in the smb.conf to Domain. Below I have shown my
> smb.conf file. So far the only way I have been able to get this to work
> is by setting security=server and password server = ADservername. I
> have been searching high and low and can't find anything, most all for
> earlier versions of Samba. One problem is the correct usage of "net
> join" I have seen is used so many different ways I don't know which is
> correct but I have been successful in adding the samba server to the
> domain using "net join -S ADservername -U adminuserID". Here is my
> smb.conf...
>
> [global]
> workgroup = domainname
> realm = domainname.com
> server string = Samba Server
> log file = /var/log/samba/%m.log
> max log size = 50
> security = domain
> password server = ADservername (have also tried *)
> encrypt passwords = yes
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = no
> os level = 33
> wins support = no
> wins server = winsservername
> dns proxy = no
>
> [Test]
> comment = Home Directories
> browseable = no
> writable = yes
> public = yes
> guest ok = yes
>
>
> When I try to run wbinfo -u , after adding the server to the domain
> successfully, I get "Error looking up domain users." For kicks if I
> actually try to map to the samba share from an XP desktop I have got one
> of two errors
> - no logon server available....
> or
> - no trust established....
>
> In the winbind log I get "NT_STATUS_ACCESS_DENIED". I have even bought
> the O'Reilly book Using Samba, followed the sample setup and still the
> same problem. Disconcerting I can find concrete answers or examples
> from such an awesome tool once it works. I am starting to think there
> is a problem on the AD side of things.
>
> Any help would be greatly appreciated.
>
>
What you really want to do is to configure your Kerberos, then use
security = ads.
Do a kinit administrator@KERBDOMAIN.COM, supply the password and then do
net ads join to join the AD domain...
That should work :o)
Good luck
/Thomas
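A preflight check for the steps in the reply above, as an added example that is not part of the original post or of Samba's own tooling. The function names (`smb_global`, `krb5_default_realm`, `ads_preflight`) are hypothetical, and the check assumes the common setup in which `default_realm` in krb5.conf equals the upper-cased `realm` from smb.conf.

```shell
#!/bin/sh
# Added example: verify smb.conf/krb5.conf agree before `kinit` and `net ads join`.

# Print the value of a [global] parameter from an smb.conf-style file.
smb_global() {  # usage: smb_global FILE PARAM   (PARAM in lower case)
    awk -v want="$2" '
        /^[ \t]*\[/ {                      # section header, e.g. [global]
            sect = tolower($0)
            sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next
        }
        /^[ \t]*[#;]/ { next }             # comment lines
        sect == "global" {
            i = index($0, "="); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val   # last occurrence wins
        }
        END { if (found != "") print found }' "$1"
}

# Print default_realm from a krb5.conf-style file.
krb5_default_realm() {  # usage: krb5_default_realm FILE
    awk -F= '/^[ \t]*default_realm[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Return 0 when the files look ready for an ADS join, 1 otherwise.
ads_preflight() {  # usage: ads_preflight SMB_CONF KRB5_CONF
    rc=0
    sec=$(smb_global "$1" security | tr 'A-Z' 'a-z')
    realm=$(smb_global "$1" realm)
    krb=$(krb5_default_realm "$2")
    [ "$sec" = "ads" ] || { echo "security = ${sec:-unset}, expected ads"; rc=1; }
    [ -n "$realm" ] || { echo "realm is not set in [global]"; rc=1; }
    upper=$(printf '%s' "$realm" | tr 'a-z' 'A-Z')
    # Assumed convention: krb5.conf default_realm is the upper-cased Samba realm.
    [ "$upper" = "$krb" ] || { echo "realm '$realm' vs default_realm '$krb'"; rc=1; }
    return $rc
}

# Once ads_preflight passes, the sequence from the reply is:
#   kinit administrator@KERBDOMAIN.COM
#   net ads join
# and the result can be checked with:
#   net ads testjoin
#   wbinfo -t
```

Run it as `ads_preflight /etc/samba/smb.conf /etc/krb5.conf`; each failed check prints one line naming the setting to fix.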