[Samba] samba Active directory and SSO

Bruno Guerreiro bruno.guerreiro at ine.pt
Fri Dec 16 16:37:26 GMT 2005


Hi,
I think there is one thing or two you must change. 

> -----Original Message-----
> From: M.Sebbane at aui.ma [mailto:M.Sebbane at aui.ma] 
> Sent: Friday, 16 December 2005 15:48
> To: samba at lists.samba.org
> Subject: [Samba] samba Active directory and SSO
> 
> Dear all,
> 
> I guess there were a lot of posts about this subject, but I'm 
> really stuck & prefer to start a new thread hoping that some of 
> you won't mind re-posting to help the Samba NewBie that I am.
> 
> well, here is my situation:
> - more than 1000 users on a heterogeneous network, One Domain & 
> the need to keep only one.
> 
> - I need my Linux Boxes' users to get authenticated against a 
> single AD, therefore I installed Samba 3 on a redhat 9 kernel 2.4, 
> 
> - smbd, nmbd & Winbind are running
> 
> - the linux boxes joined my domain using the command
>         [root at LinuxBox root]#net ads join -U Administrator%password 
> 
> - I am able to view the list of the users in the AC, with:
>         [root at LinuxBox root]#/usrlocal/samba/bin/wbinfo -u 
> 
> HOWEVER, I get the listing in the format username, not the supposed 
> MYDOMAINNAME+username
> 
> Furthermore, when I try to log on to the linuxbox using one of my 
> AD users, I simply cannot. Please find below my config files: 
> smb.conf, /pam.d./login & /etc/nsswitch
> 
> Thank you very much for reading my post & please let me know 
> if you need any more information.
> 
> Best Regards,
> 
> smb.conf
> 
> #======================= Global Settings =====================================
> [global]

<--snip -->

>  winbind usedefault domain = yes

I think this must be set to no in order to also show the MYDOMAIN part, i.e.
winbind use default domain = no

According to man 5 smb.conf you should set also winbind separator:

       winbind separator (G)
              This parameter allows an admin to define the character used when
              listing a username of the form of DOMAIN \user. This parameter
              is only applicable when using the pam_winbind.so and
              nss_winbind.so modules for UNIX services.

              Please note that setting this parameter to + causes problems
              with group membership at least on glibc systems, as the
              character + is used as a special character for NIS in /etc/group.

              Default: winbind separator = '\'

              Example: winbind separator = +

> ===================================
> Sebbane Mehdi
> Network & Systems Administrator
> ITS Department
> Alakhawayn University
> Ifrane 53000
> Morocco
> Voice : +212 (0) 55 86 24 23
> Fax:      +212 (0) 55 86 24 24
> www.aui.ma
> ===================================

Best Regards,
Bruno Guerreiro
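
The effect of the two settings discussed in this reply, as an added example that is not part of the original message or of Samba's own code: a small checker that reads the [global] section of smb.conf text and reports how a domain user will be listed. The function names and both sample configs are constructed for illustration; MYDOMAIN and username are the placeholders used in the thread.

```python
import re

# Defaults for the two parameters, as documented in smb.conf(5).
DEFAULTS = {"winbindusedefaultdomain": "no", "winbindseparator": "\\"}
TRUE_VALUES = {"yes", "true", "on", "1"}

# Constructed samples: the setting quoted in the thread, and the suggested change.
POSTED = "[global]\n  winbind usedefault domain = yes\n"
SUGGESTED = "[global]\n  winbind use default domain = no\n  winbind separator = +\n"

def normalize(name):
    # Samba matches parameter names ignoring case and whitespace, so
    # "winbind usedefault domain" is the same parameter as
    # "winbind use default domain".
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized_name: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[normalize(name)] = value.strip()
    return params

def winbind_name_report(text, domain="MYDOMAIN", user="username"):
    """Predict the listed name for a user in the machine's own domain."""
    cfg = {**DEFAULTS, **parse_global(text)}
    sep = cfg["winbindseparator"]
    use_default = cfg["winbindusedefaultdomain"].lower() in TRUE_VALUES
    listed = user if use_default else f"{domain}{sep}{user}"
    warnings = []
    if sep == "+":
        # Caveat quoted from the man page excerpt above.
        warnings.append("'+' is special for NIS in /etc/group on glibc systems")
    return {"listed_as": listed, "separator": sep, "warnings": warnings}

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, winbind_name_report(conf))
```

The same name format has to be used consistently wherever these accounts are referenced on the box (file ownership, PAM access rules, sudoers), so it is worth settling before any access rules are written.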

