[Samba] General Questions: Regards ADS
Rashaad S. Hyndman
IslandBwoy at ToughGuy.net
Fri Nov 12 20:26:49 GMT 2004
Thanks Sharif,
I'll give that a go.
----- Original Message -----
From: "sharif islam" <sharif.islam at gmail.com>
To: "Rashaad S. Hyndman" <islandbwoy at toughguy.net>
Cc: <samba at lists.samba.org>
Sent: Friday, November 12, 2004 3:20 PM
Subject: Re: [Samba] General Questions: Regards ADS
> On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman
> <islandbwoy at toughguy.net> wrote:
> > I have been playing with getting my samba server to participate in an Active
> > Directory domain for some time and have noticed a couple things about when I
> > get the machine working (or so I think). One is that when the machine joins
> > the domain it always shows up as a domain controller. I don't want this to
> > happen. I simply wish for it to be able to authenticate users to its share
> > based on the domain users. Therefore, only users on the domain should be
> > able to get to the samba shares! Up to this point I have been doing the
> > following:
> >
> > 1. relam = MY.REALM
> > 2. security = ADS
> > 3. encrypt passwords = yes
> > and configuring my winbind file.
> >
> > Is this all I have to do? Do I have the wrong impression as to what ADS
> > security provides? Again, all I want to do is avoid having to create a user
> > for EVERYone on my domain and to allow domain users to authenticate to the
> > samba shares.
>
> That is right. AFAIK, if you don't tell the samba machine to be a
> domain controller it won't be one. It will act like a member server.
> The user should be able to authenticate via the ADS, no need to create
> local accounts. Here's my samba setting for ADS:
>
> [global]
> workgroup = REALM
> realm = REALM.ORG
> server string = Samba Server
> security = ADS
> password server = <your domain controller>
> log file = /var/log/samba/samba.log
> name resolve order = wins lmhosts host bcast
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> wins server = <if you are wins server>
> idmap uid = 10000-600000
> idmap gid = 10000-600000
> winbind cache time = 600
> winbind use default domain = Yes
> strict allocate = Yes
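
Added example, not part of the original thread and not Samba code: a small Python audit of an smb.conf `[global]` section for the member-server setup discussed above. The function names, the rule set and the parameter list (names from this thread plus `domain logons`) are assumptions of this example.

```python
import re

def norm(name):
    """Samba matches parameter names ignoring case and spaces."""
    return re.sub(r"\s+", "", name).lower()

# Names used in this thread plus "domain logons"; not Samba's full list.
KNOWN = {norm(k) for k in (
    "workgroup", "realm", "server string", "security", "password server",
    "log file", "name resolve order", "socket options", "os level",
    "preferred master", "local master", "domain master", "dns proxy",
    "wins server", "idmap uid", "idmap gid", "winbind cache time",
    "winbind use default domain", "strict allocate", "encrypt passwords",
    "domain logons")}

def parse_global(text):
    """Return {normalized name: value} for the [global] section."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit(text):
    """List settings that conflict with a plain AD member-server setup."""
    p, findings = parse_global(text), []
    for key in sorted(set(p) - KNOWN):
        findings.append(f"not in this example's parameter list: {key}")
    if p.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    elif not p.get("realm"):
        findings.append("security = ADS but no realm is set")
    for name in ("domain logons", "domain master"):
        if p.get(norm(name), "no").lower() in ("yes", "true", "1"):
            findings.append(f"{name} is enabled; a member server leaves it off")
    return findings

# Constructed samples: the question's three settings as posted, and a
# subset of the settings from the reply.
QUESTION = "[global]\nrelam = MY.REALM\nsecurity = ADS\nencrypt passwords = yes\n"
REPLY = "[global]\nrealm = REALM.ORG\nsecurity = ADS\ndomain master = No\n"
for label, conf in (("question", QUESTION), ("reply", REPLY)):
    print(label, audit(conf) or "no findings")
```

Samba's own `testparm` checks a real smb.conf against the full parameter list.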