[Samba] General Questions: Regards ADS
Rashaad S. Hyndman
IslandBwoy at ToughGuy.net
Fri Nov 12 21:08:28 GMT 2004
Do you have any idea as to why when I search for the machine in the domain
it comes up with a description of domain controller in Active Directory? If
I click on the machine itself it says that it's a workstation or server but
the main fact that it shows up as domain controller when searched troubles
me.
Here is what I have in my smb.conf file:
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.NET
server string = Samba Server de Me
netbios name = delshare
security = ADS
password server = addc01
name resolve order = wins lmhosts host bcast
preferred master = No
local master = No
dns proxy = No
[public]
guest ok = yes
public = yes
path = /usr/share/public
comment = share on machine
[homes]
guest ok = no
read only = no
----- Original Message -----
From: "sharif islam" <sharif.islam at gmail.com>
To: "Rashaad S. Hyndman" <islandbwoy at toughguy.net>
Cc: <samba at lists.samba.org>
Sent: Friday, November 12, 2004 3:20 PM
Subject: Re: [Samba] General Questions: Regards ADS
> On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman
> <islandbwoy at toughguy.net> wrote:
> > I have been playing with getting my samba server to participate in an Active
> > Directory domain for some time and have noticed a couple things about when I
> > get the machine working (or so I think). One is that when the machine joins
> > the domain it always shows up as a domain controller. I don't want this to
> > happen. I simply wish for it to be able to authenticate users to its share
> > based on the domain users. Therefore, only users on the domain should be
> > able to get to the samba shares! Up to this point I have been doing the
> > following:
> >
> > 1. realm = MY.REALM
> > 2. security = ADS
> > 3. encrypt passwords = yes
> > and configuring my winbind file.
> >
> > Is this all I have to do? Do I have the wrong impression as to what ADS
> > security provides? Again, all I want to do is avoid having to create a user
> > for EVERYone on my domain and to allow domain users to authenticate to the
> > samba shares.
>
> That is right. AFAIK, if you don't tell the samba machine to be a
> domain controller it won't be one. It will act like a member server.
> The user should be able to authenticate via the ADS, no need to create
> local accounts. Here's my samba setting for ADS:
>
> [global]
> workgroup = REALM
> realm = REALM.ORG
> server string = Samba Server
> security = ADS
> password server = <your domain controller>
> log file = /var/log/samba/samba.log
> name resolve order = wins lmhosts host bcast
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> dns proxy = No
> wins server = <if you are wins server>
> idmap uid = 10000-600000
> idmap gid = 10000-600000
> winbind cache time = 600
> winbind use default domain = Yes
> strict allocate = Yes
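As an added example (not part of the original thread and not Samba project code), the following Python sketch audits the [global] section of an smb.conf for the member-server settings discussed above. The SAMPLE text is constructed, with `domain logons` enabled and a misspelled resolve method included on purpose, and the checks are a simplified reading of the parameters, not Samba's own role logic.

```python
# Added example: audit [global] in an smb.conf for AD member-server use.
# SAMPLE is constructed for illustration; it is not a config from the thread.
SAMPLE = """\
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.NET
security = ADS
domain logons = yes
name resolve order = wins lmohosts host bcast
preferred master = No
[public]
guest ok = yes
"""

TRUE = {"yes", "true", "1", "on"}                    # boolean spellings Samba accepts
RESOLVE_METHODS = {"lmhosts", "host", "wins", "bcast"}

def parse_global(text):
    """Return {param: value} for [global]; names ignore case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":              # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def audit_member_server(text):
    """List settings that do not fit a plain AD member server (assumed policy)."""
    p, findings = parse_global(text), []
    if p.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    if not p.get("realm"):
        findings.append("realm is not set")
    for key in ("domainlogons", "domainmaster"):
        if p.get(key, "no").lower() in TRUE:
            findings.append(key + " is enabled (domain controller role)")
    for method in p.get("nameresolveorder", "").lower().split():
        if method not in RESOLVE_METHODS:
            findings.append("unknown name resolve method: " + method)
    return findings

if __name__ == "__main__":
    print(audit_member_server(SAMPLE) or "no findings")
```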