[Samba] AD integration checklist

Don Meyer dlmeyer at uiuc.edu
Fri Dec 8 20:11:33 GMT 2006

At 12:05 PM 12/8/2006, James A. Dinkel wrote:
> > -----Original Message-----
> > From: Simon Renshaw
> > Sent: Friday, December 08, 2006 10:13 AM
> >
> > Hi,
> >
> > I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured
> > /etc/krb5.conf for my domain. Was able to successfully run kinit and
> > join my Windows 2003 domain with a net ads join. Net ads user and net
> > ads group returns the users and the groups of the domain.
> >
> > I'm kinda stuck on the next step. I would like to grant access to the
> > share defined in smb.conf to anybody in the domain. How do I make it
> > authenticate users on the domain instead of using the server?
> > ...
>You need this in your global section:
>idmap uid = 10000-20000
>idmap gid = 10000-20000
>winbind enum users = yes
>winbind enum groups = yes
>encrypt passwords = yes
>And this in your share section:
>valid users = @"BENCHCAN\domain users"
>Although this will give all your users access to / which doesn't seem
>like a good idea, but I assume this is just for testing.

Don't forget the necessary modifications to nsswitch.conf:

passwd: files winbind
shadow: files winbind
group:  files winbind


Don Meyer                                           <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

   "They that can give up essential liberty to obtain a little temporary safety,
         deserve neither liberty or safety."     -- Benjamin Franklin, 1759 
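
Added example, not part of the original messages: a shell check for the settings listed in this thread (the idmap and winbind lines in [global], and winbind as a source in nsswitch.conf). The function names and the sample files are constructed for illustration; in nsswitch.conf only the passwd and group lines are checked.

```shell
#!/bin/sh
# Added example: check smb.conf and nsswitch.conf for the settings in this thread.

# smb_global_get FILE KEY: print KEY's value from the [global] section, if set.
smb_global_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && (i = index($0, "=")) {
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# nss_has_winbind FILE DB: succeed if DB's line lists winbind as a source.
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                           # strip trailing comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit !ok }' "$1"
}

# check_winbind_setup SMB_CONF NSSWITCH_CONF: print each missing item and
# return how many were missing (0 means every checked item is present).
check_winbind_setup() {
    missing=0
    for key in "idmap uid" "idmap gid" "winbind enum users" "winbind enum groups"; do
        [ -n "$(smb_global_get "$1" "$key")" ] && continue
        echo "smb.conf [global]: '$key' is not set"; missing=$((missing + 1))
    done
    for db in passwd group; do   # the two databases used for user/group lookups
        nss_has_winbind "$2" "$db" && continue
        echo "nsswitch.conf: '$db' does not list winbind"; missing=$((missing + 1))
    done
    return "$missing"
}

# Constructed sample files: smb.conf as in the thread, nsswitch.conf not yet edited.
demo=$(mktemp -d)
printf '%s\n' '[global]' '  idmap uid = 10000-20000' '  idmap gid = 10000-20000' \
    '  winbind enum users = yes' '  winbind enum groups = yes' \
    '  encrypt passwords = yes' > "$demo/smb.conf"
printf '%s\n' 'passwd: files' 'shadow: files' 'group:  files' > "$demo/nsswitch.conf"
check_winbind_setup "$demo/smb.conf" "$demo/nsswitch.conf" || echo "missing items: $?"
rm -rf "$demo"
```

To check a real host, call check_winbind_setup with the paths of its own smb.conf and nsswitch.conf.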
