[Samba] AD Auth 2003

Edward Brookhouse ebroo at healthydirections.com
Thu Jul 21 18:59:27 GMT 2005


Hi all,

I am attempting to set up an SMB server that will auth to Windows 2003 AD.

I've set up SMB many times, but this is my first attempt at AD auth
integration.

Most everything (testing from the command line) works - see the info below.

But the docs say I need to copy pam_winbind.so to /lib/security, but I
cannot find this file in the Samba source distro. So what goes into
/etc/pam.d/samba or /etc/pam.d/login?

When I attempt to access a share on this server, I see no errors but
cannot auth, presumably because pam_winbind is missing.

See below for details of the setup.

Any thoughts appreciated,

Edward
Ebrooathealthydirectionsdotcom

I'm using a RH Fedora Core 2 box with Samba 3.0.14a and these Krb
versions:

krb5-devel-1.3.6-4
pam_krb5-2.0.10-1
krb5-libs-1.3.6-4
krb5-workstation-1.3.6-4

What works -

kinit username at domain works fine
net ads join -uUsername%password works fine
wbinfo -u works fine
wbinfo -t works fine

My Samba log.smbd, log.nmbd and log.winbindd all show successful
startup.

My smb.conf looks like:

[global]
   netbios name = GOETHE
   server string = IT Dev Server
   realm = CORP.PHILLIPS.COM
   workgroup = CORP
   password server = 172.17.17.110
   security = ADS
   encrypt passwords = yes
   socket options = TCP_NODELAY
   local master = no
   dns proxy = yes
   winbind separator = +
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind enum groups = yes
   winbind enum users = yes

#============================ Share Definitions ==============================

   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   user = @"CORP+domain users"

# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

[Tellu]
   comment = TellU Inventory Client
   path = /home/share/tellu
   public = yes
   writeable = no
   user = @"CORP+domain users"