[Samba] User problem (samba, w2k3)
Yohann Ferreira
bertram25 at hotmail.com
Thu Apr 29 12:46:57 GMT 2004
Hi there
Could you also join your krb5.conf and your pam.d/login files ?
I also have the same kind of problem, and I just would like to see
differences between our configurations ...
Thanks for reading !
Bertram
>From: Markus Klimke <m.klimke at tu-harburg.de>
>To: samba at lists.samba.org
>Subject: [Samba] User problem (samba, w2k3)
>Date: Thu, 29 Apr 2004 13:00:53 +0200
>
>Hello all,
>
>:: Strategy ::
>
>I am using Samba 3.0.2a with security mode ADS, hooking a fileserver up to
>a W2k3 server and domain. The join worked as mentioned in the
>documentation. For auth of users I use nssldap to query the LDAP database
>of W2k3, so my windows users are visible either under linux and windows.
>
>:: Problem ::
>
>If I try to share the homes or other points I'm asked to type in a username
>and a password. When I type in a username, which is as described visible on
>both sides, windows says that this user is not valid to enter the share. As
>a workaround I used an "admin" entry in the smbpasswd, which has access to
>the shares. I think this is a very ugly hack. I also tried it with winbind,
>but it didn't work also. When I open the security tab under windows of a
>share or the subdirectories within, it shows entries like "FILER\user"
>which is not my domain just the samba server itself. Maybe this is correct,
>but I can't make any change of adding a user to the security context of
>windows.
>
>I am not using the winbind name switch in nsswitch.conf and not any winbind
>pam auth, because of using nssldap for making users visible on linux and
>pam_krb5/pam_ldap for the auth. My W2k3 is operating in advanced mode (not
>native or mixed mode), which might be a problem, but I don't believe this.
>If I type "wbinfo -u" the users on windows side are listed, but not with
>the domain separator, just the user itself.
>
>:: Question ::
>
>How can I map samba shares with "security = ADS" on a windows machine,
>without using "smbpasswd"?
>
>:: smb.conf ::
>
># Global parameters
>[global]
> workgroup = DOMAIN
> realm = DOMAIN.DE
> security = ads
> password server = w2k3.domain.de
> encrypt passwords = yes
> #smb passwd file = /etc/samba/smbpasswd
> ;; I don't want to use this line, because the documentation
> ;; said I don't need this
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 10
> preferred master = no
> idmap uid = 500-6000
> idmap gid = 500-6000
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> winbind trusted domains only = yes
> ;; Catched the above line from a hint, which was mentioned
> ;; to fix the problem
>
>[homes]
> comment = %u's Home Directory
> ;; This one's always showing, if smbpasswd entry above
> ;; is enabled: "admin's Home Directory", where admin is
> ;; is the smbpasswd entry to get shares mapped
> create mask = 0755
> read only = No
> browseable = No
>
>[shared]
> comment = Share Point
> path = /shared
> read only = no
> browseable = yes
>
>[backup]
> comment = Backup Repo
> path = /backup
> read only = yes
> browseable = no
>
>
>Many thanks for every hint or assistance
>Best regards
>-markus
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
_________________________________________________________________
Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551
More information about the samba
mailing list