[Samba] Samba 3.0.13 ADS domain member on AIX 5.2
Thomas M. Skeren III
tms3 at fsklaw.net
Wed Jul 6 18:04:42 GMT 2005
Scruggs, Ronald wrote:
>All,
>
>I'm trying to figure out if I missed some steps in configuring Samba
>3.0.13 on AIX 5.2 as a Windows 2003 ADS domain member server of the
>domain DEVELOPMENT. Samba is compiled with Heimdal Kerberos and
>openLDAP support, and I successfully joined the ADS domain using net ads
>join after running a kinit. Kerberos appears to be working, wbinfo -u
>and wbinfo -g work; net ads status works fine, smbtree works. However,
>when I try to authenticate to a test share using either a domain user ID
>or a user ID from another domain (CORP) that has a trust relationship
>with the domain that the Samba server is joined to, I see
>NT_STATUS_NO_SUCH_USER in the log.smbd.
>
>So, my two questions are: do I need to be running winbindd?
>
Yes
> Does it
>have to have PAM support,
>
Yes...pam needs to authenticate using ldap/ads
>or is that just for using domain logins on the
>unix side?
>
>smb.conf follows:
>
>[global]
>
>realm = READING.DEVPORTAL.NET
>workgroup = DEVELOPMENT
>password server = usrd106.reading.devportal.net
>security = ADS
>encrypt passwords = yes
>#debug level = 7
>winbind separator = +
>idmap uid = 10000-20000
>idmap gid = 10000-20000
>winbind enum users=yes
>winbind enum groups=yes
>client use spnego = yes
>
>[public]
>comment = Public data directory
>read only = no
>path = /sambapublic
>user = @"DEVELOPMENT+domain users" @"CORP+domain users"
>
>
>
More information about the samba
mailing list