[Samba] AD integration checklist
James A. Dinkel
jdinkel at bucoks.com
Fri Dec 8 18:05:22 GMT 2006
> -----Original Message-----
> From: Simon Renshaw
> Sent: Friday, December 08, 2006 10:13 AM
>
> Hi,
>
> I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured
> /etc/krb5.conf for my domain. Was able to successfully run kinit and
> join my Windows 2003 domain with a net ads join. Net ads user and net
> ads group returns the users and the groups of the domain.
>
> So far so good.
>
> I'm kinda stuck on the next step. I would like to grant access to the
> share defined in smb.conf to anybody in the domain. How do I make it
> authenticate users on the domain instead of using the server?
>
> Content of smb.conf:
>
> [global]
> workgroup = BENCHCAN
> server string = Virtual Linux
> wins server = 192.168.64.20
> netbios name = BACKUP
> realm = BENCHMARKCANADA.COM
> password server = castor-srvr1.benchmarkcanada.com
> security = ADS
>
> [share]
> path = /
> guest ok = no
> read only = no
>
> Thanks!
> Simon
You need this in your global section:
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
And this in your share section:
valid users = @"BENCHCAN\domain users"
Although this will give all your users access to / which doesn't seem
like a good idea, but I assume this is just for testing.
More information about the samba
mailing list