[Samba] Winbind/rid and authentication questions

David Shapiro David.Shapiro at bcbsnc.com
Mon Feb 6 14:19:11 GMT 2006


hello,
 
I keep gettiing a login prompt when I try to access shares on my newly
created samba server.  I am trying to use ad/rid (the best option if you
want multiple samba servers in your environment?)  wbinfo -a
DOMAIN/mylogin%password authenticates correctly.  wbinfo -u and wbinfo
-g shows my groups and users fine.  Do I need winbind uid/gid as well as
idmap uid/gid?  Do I need auth method?  Should I use idmap backend = ad
instead?  Do I need pam support?  I am really confused about what the
right setup is now with samba. 
 
My smb.conf has:
 
[global]
        workgroup = DOMAIN
        netbios name = svcanimp
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        #idmap backend = ad
        idmap backend = idmap_rid:DOMAIN=10000-200000
        use kerberos keytab = yes
        # os level = 65
        winbind enum users = yes
        winbind enum groups = yes
        #winbind use default domain = yes
        #winbind uid = 10000-200000
        #winbind gid = 10000-200000
        winbind separator = /
        encrypt passwords = yes
        server string = User management Server
        security = ADS
        #security = domain
        realm = DOMAIN.COM
        password server = ad.domain.com
        preferred master = no
        log file = /usr/local/samba/var/log.%m
        log level = 10
        #hosts allow = 10.69. 127.0.
        max log size = 50
        local master = No
        dns proxy = No
        wins server = wins02 wins03
        wins proxy = no
        name resolve order = hosts wins lmhosts bcast
        aio read size = 1
        aio write size = 1
        template homedir = /home/winnt/%D/%U
        template shell = /bin/bash
        #acl group control = yes
        #inherit permissions = Yes
        #inherit acls = Yes
        invalid users = root
        #auth methods = winbind
        #username map = /usr/local/samba/lib/username.map
 

[homes]
        valid users = %S
        browseable = No
        read only = No

 
 
 
David Shapiro
Unix Team Lead
919-765-2011


More information about the samba mailing list