[Samba] Cross domain and user home questions.
Trimble, Ronald D
Ronald.Trimble at unisys.com
Fri Feb 3 15:00:46 GMT 2006
Thank you in advance for any help anyone may be able to provide with the
following issues I am experiencing.
The first is authenticating users across domains. I have successfully
configured Samba to use an AD domain, but when I try to authenticate
another user form another domain in the same tree, I get various errors.
Can anyone shed some light on what I may be doing wrong or help me
configure this?
Here are the important settings from my smb.conf.
[global]
workgroup = NA
realm = NA.UIS.UNISYS.COM
netbios name = servername
encrypt passwords = yes
security = ADS
password server = IPaddress
passdb backend = smbpasswd
log level = 0
syslog = 0
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# winbind separator = +
winbind use default domain = no
winbind uid = 16777216-33554431
winbind gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
admin users = root, IDs
nt acl support = yes
map acl inherit = yes
As you can see from the config, I am a member of the NA domain. I have
no issues with users in this domain and everything works as it should.
The problem comes when I try to authenticate users of our other
domains... for example EU. Our tree looks like this:
UIS.UNISYS.COM
|_> NA.UIS.UNISYS.COM
|_> EU.UIS.UNISYS.COM
|_> etc..
The second issue I have is related to user home directories. I have it
set up so that when a user views the SMB shares on the server, they can
see their home directory. The problem is that if the directory is not
created ahead of time, what they are seeing is not real. The directory
is not being created automatically. How can I set this up? Here is the
[homes] section of my smb.conf.
[homes]
comment = Home Directories (RW)
valid users = %D\%S
browseable = No
read only = No
create mask = 0660
directory mask = 0770
Thanks again for any help you may provide.
More information about the samba
mailing list