[Samba] active directory auth & some more

Iustinian T. samba at supremegroup.ro
Thu Jun 30 12:01:06 GMT 2005

I've been trying for a few days to get a Samba 3.0.13 server to work as 
an addition to some servers inside an Active Directory domain (Windows 
2003) servers.

My first problem is that wbinfo_group.pl does not work anymore after the SP1 
update to the Windows domain controllers; it is not capable of getting sig 
for the group.

Second problem: I managed to get access for Windows workstations to the Samba 
server according to the authentication from Active Directory. Managing 
rights from the Security tab of a Windows station does not work. I got 
"inherit acl = yes" and "nt acl support = yes", so kerberos auth. is 

Third and last problem:

I get authentication only after caching with wbinfo -u and wbinfo -g.

Here is my smb.conf:

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-04-04
        workgroup = bogus workgroup name
        username map = /etc/samba/smbusers
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = No
        domain master = No
        local master = No
        os level = 65
        preferred master = No
        realm = BOGUS.BOGUS
        encrypt passwords = Yes
        client signing = Yes
        server signing = Yes
        security = ADS
        password server = bogus-adserver
        winbind use default domain = Yes
        winbind cache time = 6000
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind separator = +
        winbind enable local accounts = yes
        client use spnego = Yes

        comment = Home Directories
        valid users = %S
        browseable = No
        read only = No
        inherit acls = Yes

        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700

        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes

        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root

        comment = Test area
        path = /samba
        inherit acls = Yes
        writeable = Yes
        browseable = Yes
        net acl support = Yes

