[Samba] AD integration checklist
simon at benchmarkconsulting.com
Fri Dec 8 18:52:29 GMT 2006
Thanks for the reply.
You are correct, I'm testing on a virtual machine.
I modified smb.conf with the lines you said but when I try to access the share, I keep getting prompted for my user/pass.
From: samba-bounces+simon=benchmarkconsulting.com at lists.samba.org [mailto:samba-bounces+simon=benchmarkconsulting.com at lists.samba.org] On Behalf Of James A. Dinkel
Sent: 8 décembre, 2006 13:05
To: samba at lists.samba.org
Subject: RE: [Samba] AD integration checklist
> -----Original Message-----
> From: Simon Renshaw
> Sent: Friday, December 08, 2006 10:13 AM
> I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured
> /etc/krb5.conf for my domain. Was able to successfully run kinit and
> join my Windows 2003 domain with a net ads join. Net ads user and net
> ads group returns the users and the groups of the domain.
> So far so good.
> I'm kinda stuck on the next step. I would like to grant access to the
> share defined in smb.conf to anybody in the domain. How do I make it
> authenticate users on the domain instead of using the server?
> Content of smb.conf:
> workgroup = BENCHCAN
> server string = Virtual Linux
> wins server = 192.168.64.20
> netbios name = BACKUP
> realm = BENCHMARKCANADA.COM
> password server = castor-srvr1.benchmarkcanada.com
> security = ADS
> path = /
> guest ok = no
> read only = no
You need this in your global section:
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
And this in your share section:
valid users = @"BENCHCAN\domain users"
Although this will give all your users access to / which doesn't seem
like a good idea, but I assume this is just for testing.
To unsubscribe from this list go to the following URL and read the
More information about the samba