[Samba] General Questions: Regards ADS
sharif islam
sharif.islam at gmail.com
Fri Nov 12 20:20:23 GMT 2004
On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman
<islandbwoy at toughguy.net> wrote:
> I have been playing with getting my samba server to participate in an Active
> Directory domain for some time and have noticed a couple things about when I
> get the machine working (or so I think). One is that when the machine joins
> the domain it always shows up as a domain controller. I don't want this to
> happen. I simply wish for it to be able to authenticate users to its share
> based on the domain users. Therefore, only users on the domain should be
> able to get to the samba shares! Up to this point I have been doing the
> following:
>
> 1. relam = MY.REALM
> 2. security = ADS
> 3. encrypt passwords = yes
> and configuring my winbind file.
>
> Is this all I have to do? Do I have the wrong impression as to what ADS
> security provides? Again, all I want to do is avoid having to create a user
> for EVERYone on my domain and to allow domain users to authenticate to the
> samba shares.
That is right. AFAIK, if you don't tell the samba machine to be a
domain controller it won't be one. It will act like a member server.
The user should be able to authenticate via the ADS, no need to create
local accounts. Here's my samba setting for ADS:
[global]
workgroup = REALM
realm = REALM.ORG
server string = Samba Server
security = ADS
password server = <your domain controller>
log file = /var/log/samba/samba.log
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 0
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = <if you are wins server>
idmap uid = 10000-600000
idmap gid = 10000-600000
winbind cache time = 600
winbind use default domain = Yes
strict allocate = Yes
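
Added example (not part of the original post or of Samba): a small Python check that reads an smb.conf [global] section and reports where it deviates from the member-server settings in the reply above. The sample config, the function names and the finding strings are constructed for illustration; the sample deliberately carries a misspelled "relam" key to show how a typo silently leaves realm unset.

```python
# Added example: audit an smb.conf [global] section for the member-server
# settings shown in the reply. Sample values are constructed placeholders.
SAMPLE = """\
[global]
   workgroup = REALM
   relam = REALM.ORG
   security = ADS
   Preferred Master = No
   local master = No
   domain master = No
   idmap uid = 10000-600000
   idmap gid = 10000-600000
"""

TRUE = {"yes", "true", "1"}

def norm(key):
    # smb.conf ignores case and whitespace in parameter names.
    return "".join(key.lower().split())

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit_member_server(text):
    """List deviations from the reply's member-server configuration."""
    g, findings = parse_global(text), []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    if not g.get("realm"):
        findings.append("realm is not set")
    # Only explicit enables are flagged; absent keys are not judged here.
    for name in ("domainmaster", "preferredmaster", "localmaster"):
        if g.get(name, "no").lower() in TRUE:
            findings.append(name + " is enabled")
    for name in ("idmapuid", "idmapgid"):
        low, _, high = g.get(name, "").partition("-")
        if not (low.strip().isdigit() and high.strip().isdigit() and int(low) < int(high)):
            findings.append(name + " is not a valid low-high range")
    return findings
```

Calling audit_member_server(SAMPLE) returns the single finding for the unset realm; correcting the key name clears it.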