[Samba] User problem (samba, w2k3)
Markus Klimke
m.klimke at tu-harburg.de
Thu Apr 29 11:00:53 GMT 2004
Hello all,

:: Strategy ::
I am using Samba 3.0.2a with security mode ADS, hooking a fileserver up
to a W2k3 server and domain. The join worked as mentioned in the
documentation. For auth of users I use nssldap to query the LDAP
database of W2k3, so my Windows users are visible under both Linux and
Windows.

:: Problem ::
If I try to share the homes or other points, I'm asked to type in a
username and a password. When I type in a username, which is as
described visible on both sides, Windows says that this user is not
valid to enter the share. As a workaround I used an "admin" entry in the
smbpasswd, which has access to the shares. I think this is a very ugly
hack. I also tried it with winbind, but it didn't work either. When I open
the security tab under Windows of a share or the subdirectories within,
it shows entries like "FILER\user", which is not my domain, just the Samba
server itself. Maybe this is correct, but I can't make any change like
adding a user to the security context in Windows.

I am not using the winbind name switch in nsswitch.conf, nor any
winbind pam auth, because I am using nssldap for making users visible on
Linux and pam_krb5/pam_ldap for the auth. My W2k3 is operating in
advanced mode (not native or mixed mode), which might be a problem, but
I don't believe this. If I type "wbinfo -u", the users on the Windows side
are listed, but not with the domain separator, just the user itself.

:: Question ::
How can I map Samba shares with "security = ADS" on a Windows machine,
without using "smbpasswd"?

:: smb.conf ::
# Global parameters
[global]
    workgroup = DOMAIN
    realm = DOMAIN.DE
    security = ads
    password server = w2k3.domain.de
    encrypt passwords = yes
    #smb passwd file = /etc/samba/smbpasswd
    ;; I don't want to use this line, because the documentation
    ;; said I don't need this
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 10
    preferred master = no
    idmap uid = 500-6000
    idmap gid = 500-6000
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind trusted domains only = yes
    ;; Caught the above line from a hint, which was mentioned
    ;; to fix the problem

[homes]
    comment = %u's Home Directory
    ;; This one's always showing, if smbpasswd entry above
    ;; is enabled: "admin's Home Directory", where admin
    ;; is the smbpasswd entry to get shares mapped
    create mask = 0755
    read only = No
    browseable = No

[shared]
    comment = Share Point
    path = /shared
    read only = no
    browseable = yes

[backup]
    comment = Backup Repo
    path = /backup
    read only = yes
    browseable = no

Many thanks for every hint or assistance
Best regards
-markus