[Samba] Looking for successful implementation of Samba + W2K3 AD
david.billinghurst at comalco.riotinto.com.au
Mon Oct 24 22:51:18 GMT 2005
> From: Daniel Cheong
> I am desperate to know whether there is any successful
> implementation of
> Samba 3.0.x as member server of Microsoft Windows 2003 server running
> Active Directory.
I have recently set up this configuration. It seems to be running
OK now but it took me a while as I got confused. I had trouble:
- joining the server to the AD realm
- sorting out the user mapping
The smb.conf file is trivial (below).
The samba server is a Dell 2850 running RHEL 3. The RH binaries
of samba-3.09 didn't work for me. I has to upgrade to samba-3.0.20b
compiled from source.
> I have in production the said architecture and it is giving
> me all sort of
> connection problems to SAMBA shares during peak hours when users are
> numbered as many as 500+ concurrently. When there are only few users,
> everything seems to work fine.
My samba server only has a few users. The AD server is part of
a global corporate network and I don't control it.
Not sure my setup is best practice, but here it is.
### /etc/krb5.conf ###
default_realm = CAL.RIOTINTO.ORG
cal.riotinto.org = CAL.RIOTINTO.ORG
.cal.riotinto.org = CAL.RIOTINTO.ORG
### smb.conf ###
# Samba config file created using SWAT
# from 22.214.171.124 (126.96.36.199)
# Date: 2005/10/18 09:41:32
workgroup = CAL
realm = CAL.RIOTINTO.ORG
server string = Samba Server
security = ADS
username map = /usr/local/samba-3.0.20b/lib/smbusers
log level = 3
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
os level = 0
local master = No
dns proxy = No
ldap ssl = no
comment = Home Directories
read only = No
browseable = No
comment = calttux001:/tmp
path = /tmp
read only = No
### smbusers ###
# Unix_name = SMB_name1 SMB_name2 ...
unixusr1 = smbuser1 CAL.RIOTINTO.ORG\smbuser1
unixusr2 = smbuser1 CAL.RIOTINTO.ORG\smbuser2
unixusr3 = smbuser1 CAL.RIOTINTO.ORG\smbuser3
This e-mail and any attachments are private and confidential and may contain privileged information. If you are not an authorised recipient, the copying or distribution of this e-mail and any attachments is prohibited and you must not read, print or act in reliance on this e-mail or attachments.
This notice should not be removed.
More information about the samba