[Samba] User problem (samba, w2k3)

Thu Apr 29 12:46:57 GMT 2004

Hi there

Could you also join your krb5.conf and your pam.d/login files ?
I also have the same kind of problem, and I just would like to see 
differences between our configurations ...

Thanks for reading !

Bertram

>From: Markus Klimke <m.klimke at tu-harburg.de>
>To: samba at lists.samba.org
>Subject: [Samba] User problem (samba, w2k3)
>Date: Thu, 29 Apr 2004 13:00:53 +0200
>
>Hello all,
>
>:: Strategy ::
>
>I am using Samba 3.0.2a with security mode ADS, hooking a fileserver up to 
>a W2k3 server and domain. The join worked as mentioned in the 
>documentation. For auth of users I use nssldap to query the LDAP database 
>of W2k3, so my windows users are visible either under linux and windows.
>
>:: Problem ::
>
>If I try to share the homes or other points I'm asked to type in a username 
>and a password. When I type in a username, which is as described visible on 
>both sides, windows says that this user is not valid to enter the share. As 
>a workaround I used an "admin" entry in the smbpasswd, which has access to 
>the shares. I think this is a very ugly hack. I also tried it with winbind, 
>but it didn't work also. When I open the security tab under windows of a 
>share or the subdirectories within, it shows entries like "FILER\user" 
>which is not my domain just the samba server itself. Maybe this is correct, 
>but I can't make any change of adding a user to the security context of 
>windows.
>
>I am not using the winbind name switch in nsswitch.conf and not any winbind 
>pam auth, because of using nssldap for making users visible on linux and 
>pam_krb5/pam_ldap for the auth. My W2k3 is operating in advanced mode (not 
>native or mixed mode), which might be a problem, but I don't believe this. 
>If I type "wbinfo -u" the users on windows side are listed, but not with 
>the domain separator, just the user itself.
>
>:: Question ::
>
>How can I map samba shares with "security = ADS" on a windows machine, 
>without using "smbpasswd"?
>
>:: smb.conf ::
>
># Global parameters
>[global]
>         workgroup = DOMAIN
>         realm = DOMAIN.DE
>         security = ads
>         password server = w2k3.domain.de
>         encrypt passwords = yes
>         #smb passwd file = /etc/samba/smbpasswd
>	;; I don't want to use this line, because the documentation
>	;; said I don't need this
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         os level = 10
>         preferred master = no
>         idmap uid = 500-6000
>         idmap gid = 500-6000
>         winbind separator = +
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind trusted domains only = yes
>	;; Catched the above line from a hint, which was mentioned
>	;; to fix the problem
>
>[homes]
>         comment = %u's Home Directory
>	;; This one's always showing, if smbpasswd entry above
>	;; is enabled: "admin's Home Directory", where admin is
>	;; is the smbpasswd entry to get shares mapped
>         create mask = 0755
>         read only = No
>         browseable = No
>
>[shared]
>         comment = Share Point
>         path = /shared
>         read only = no
>         browseable = yes
>
>[backup]
>         comment = Backup Repo
>         path = /backup
>         read only = yes
>         browseable = no
>
>
>Many thanks for every hint or assistance
>Best regards
>-markus
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba

_________________________________________________________________
Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551