[Samba] AD integration checklist

Simon Renshaw simon at benchmarkconsulting.com
Fri Dec 8 18:52:29 GMT 2006

Thanks for the reply.

You are correct, I'm testing on a virtual machine.

I modified smb.conf with the lines you said but when I try to access the share, I keep getting prompted for my user/pass.

Any idea?


-----Original Message-----
From: samba-bounces+simon=benchmarkconsulting.com at lists.samba.org [mailto:samba-bounces+simon=benchmarkconsulting.com at lists.samba.org] On Behalf Of James A. Dinkel
Sent: 8 décembre, 2006 13:05
To: samba at lists.samba.org
Subject: RE: [Samba] AD integration checklist

> -----Original Message-----
> From: Simon Renshaw
> Sent: Friday, December 08, 2006 10:13 AM
> Hi,
> I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured
> /etc/krb5.conf for my domain. Was able to successfully run kinit and
> join my Windows 2003 domain with a net ads join. Net ads user and net
> ads group returns the users and the groups of the domain.
> So far so good.
> I'm kinda stuck on the next step. I would like to grant access to the
> share defined in smb.conf to anybody in the domain. How do I make it
> authenticate users on the domain instead of using the server?
> Content of smb.conf:
> [global]
> workgroup = BENCHCAN
> server string = Virtual Linux
> wins server =
> netbios name = BACKUP
> password server = castor-srvr1.benchmarkcanada.com
> security = ADS
> [share]
> path = /
> guest ok = no
> read only = no
> Thanks!
> Simon

You need this in your global section:

idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes

And this in your share section:

valid users = @"BENCHCAN\domain users"

Although this will give all your users access to / which doesn't seem
like a good idea, but I assume this is just for testing.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list