[Samba] Samba 3.0.14a, Windows 2k3 and ADS
sysrm at stvincent.ac.uk
Mon May 16 12:17:44 GMT 2005
Hi John, read the chapter 7 (and most of the document, very well written)
I seem to be where I needed to be already.
In one of your examples (22.214.171.124)
"5. Validate the operation of this configuration by executing:" ...
It says that getent passwd administrator SHOULD return the administrator but
I get nothing
Instead if I run getent passwd | grep administrator I get..
Now obviously DEV-DOMAIN+ is the AD part of things, is this possible to be
stripped out? Have I missed something in my smb/krb configuration?
Also my script basically looks at /etc/shadow and grabs out usernames and
passwords and puts them to the various .htaccess auth files and squid auth
Now when I run getent shadow it only returns local account information.
My nsswitch.conf has;
passwd: files winbind
shadow: files winbind
group: files winbind
Should I be seeing more info than just the local accounts? If not, is there
a way in which I can ask the AD / kerberos to provide that information?
Wbinfo doesn't seem to have any option to show crypted passwords...
If it should be (as I am guessing by the "see chapter 7" bit previously
replied to) any ideas why I can't seem to see them/get to them?
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
John H Terpstra
Sent: 13 May 2005 12:06
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 3.0.14a, Windows 2k3 and ADS
On Friday 13 May 2005 04:59, sysrm wrote:
> Thanks john,
> Is there any specific chapter I should be looking at?
Chapter 7 covers Samba as an ADS Domain Member server.
> Searches for the -F switch, adding accounts via samba etc didn't turn
> up anything.
> Also it seems to be written more with samba as the PDC, which isn't the
> case for me.
Nope. Chapter 7 deals with domain member servers and clients in general. It
includes ADS members.
With ADS your Samba server should use Kerberos. To do that on RHEL3 will
require a lot of work. RHEL3 has MIT KRB 1.2.7 - that will not play well
with W2K3 ADS for which at least 1.3.4 is needed.
Further comments below.
> Thanks anyways
> -----Original Message-----
> From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
> [mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf
> Of John H Terpstra
> Sent: 13 May 2005 11:32
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 3.0.14a, Windows 2k3 and ADS
> You may find some useful info in the book "Samba-3 by Example" that
> answers your questions. It can be downloaded from:
> John T.
> On Friday 13 May 2005 04:21, sysrm wrote:
> > Hi all
> > Thanks for everyone's help so far with trying to get these all working.
> > I am now at the stage where I can logon to the domain and access a
> > samba share without having to enter in a username password (i.e.
> > samba is using AD to authenticate)
> > My system is setup like so:
> > Windows 2k3 PDC (so I get group policy features, bad password
> > attempts, account expiry etc) Samba 3.0.14a on RH es3 linux
> > FileStore ( peoples Home drive email etc )
> > Now I have a couple of questions...
> > 1. I can use the net rpc add user command to add users, when I do
> > this they are disabled in windows AD, and I've been unable to find
> > any documentation of the -F switch (which is where I assume you can
> > say if they are disabled, what their home directory is, and where to
> > map it etc.)
I am documenting this now in the Samba-HOWTO-Collection.
> > 2. In various howto's docs etc people talk about using samba as the
> > pdc and open ldap etc. Is the above system using LDAP ? i.e Windows
> > 2k3 AD ? Or is what I have using kerberos?
> > 3. assuming I'm not using ldap, I have a script that currently runs
> > every 15 mins and brings out a user,cryptpasswd list of my users and
> > gives it out to various services (such as .htaccess and squid)
> > Either by using ldap or another way, how is this possible to do?
> > Since the users are no longer on the linux box (locally)
Use winbind - see chapter 7.
- John T.
> > Many thanks!
> > Ross
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.