[Samba] samba machines as PDC and member
harry forbess
hforbess at gmail.com
Fri Jan 27 00:24:24 GMT 2006
I have set up samba to be an AD member and no other linux boxes. It worked
well.
I set up samba to be a PDC with no other linux boxes. It worked well.
Now, I need to make a samba client that works with the samba PDC. I can join
the domain. winbind can list users and such. getent doesn't work.
I can see the authentication succeeding on the PDC but I can't access any
shares. smbclient -L DOMAIN shows all the shares.
I just can't seem to authenticate except as root.
I realize that this PDC is not AD so I don't need krb but I don't know what I
need to authenticate between the samba machines. I thought this was going
to be easy.
Here is my PDC smb.conf:
# PDC Samba Configuration File
# by Lorenzo Allori <lallori at medici.org>
# To be edited and then copied to /usr/local/samba/lib/smb.conf
# REMEMBER TO EDIT THIS BEFORE COPYING IN THE DIRECTORY AND RUNNING SAMBA.
[global]
netbios name = SERENITY
workgroup = SERENITY
log level = 2
log file = /var/log/samba/sambapdc.log
security = share
;invalid users = root
interfaces = 192.168.1.172/255.255.255.0
security = user
server string = %h server (Samba %v)
syslog only = no
# Performance tuning
# Remember to increase or decrease by 1024 SO_SNBUF and SO_RCVBUF
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNBUF=4096 SO_RCVBUF=4096
# If you are accessing by multiple users to a single MSAccess File (*.mdb)
# Uncomment these two lines about oplocks you have to disable them.
# oplocks = False
# level2oplocks = False
encrypt passwords = yes
# NT Domain Section
wins support = yes
os level = 34
domain master = yes
local master = yes
preferred master = yes
domain logons = yes
logon script = logon.bat
# Where the scripts resides.
logon path = \\SERENITY\profiles\%u
# Where the profiles are
logon home = \\SERENITY\home\samba\users\%u
name resolve order = lmhosts host wins bcast
dns proxy = no
smb passwd file = /usr/local/samba/private/smbpasswd
# Uncomment these lines only if you know what you are doing.
# unix password sync = yes
# passwd program = /usr/bin/passwd %u
# passwd chat = *Enter\snew\sUNIX\spassword:*\
# %n\n *Retype\snew\sUNIX\spassword:* %n\n .
# How long do you want the samba log file to be?
max log size = 2000
time server = yes
[netlogon]
path = /home/samba/netlogon
public = no
writeable = no
browsable = no
read only = yes
write list = administrator
[profiles]
create mode = 0600
directory mode = 0700
path = /home/samba/profiles
;profile acls = yes
read only = no
writable = yes
browseable = no
And this works fine with windows boxes. Roaming profiles and the whole bit.
Here is my member smb.conf:
[global]
workgroup = SERENITY
security = domain
password server = *
hosts allow = 192.168.1., 192.168.3., 127.
load printers = yes
printing = cups
printcap name = cups
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = root, @"SERENITY\domain"
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
write list = root
[public]
path = /shares
public = Yes
read only = no
browseable = Yes
valid users = @"SERENITY\users"
[homes]
comment = Home Directories
read only = No
browseable = Yes
valid users = %D+%S
create mode = 0664
Is there something I need to change in nsswitch.conf or /etc/pam.d/samba?
Another way to authenticate?
I hope someone can point me in the right direction.
thanks
harry
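
Added example, not part of the original post: the PDC [global] section above assigns "security" twice (share, then user). Samba applies assignments in order, so the last one is the value in effect, and a small check like this makes such overrides visible before a config goes live. The function names and the sample text are constructed for illustration; synonym parameters (for example "writable" and "read only") and backslash line continuations are not handled.

```python
import re

# Constructed sample: a few lines mirroring the PDC [global] section in the post.
SAMPLE = """\
[global]
netbios name = SERENITY
security = share
;invalid users = root
security = user
[netlogon]
public = no
read only = yes
"""

def norm(name):
    # smb.conf parameter names are matched ignoring case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def find_overrides(text):
    """Return [(section, param, [(lineno, value), ...])] for params set more than once."""
    seen = {}        # (section, param) -> [(lineno, value), ...] in file order
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                 # section header
            section = m.group(1).strip().lower()
            continue
        if "=" in line and section is not None:
            key, value = line.split("=", 1)
            seen.setdefault((section, norm(key)), []).append((n, value.strip()))
    return [(s, p, v) for (s, p), v in seen.items() if len(v) > 1]

def report(text):
    """One line per overridden parameter, naming the value that takes effect."""
    out = []
    for section, param, values in find_overrides(text):
        old = ", ".join(f"line {n}: {v!r}" for n, v in values[:-1])
        n, v = values[-1]                     # last assignment wins
        out.append(f"[{section}] {param}: effective {v!r} (line {n}); overridden {old}")
    return out

if __name__ == "__main__":
    for entry in report(SAMPLE):
        print(entry)
```

Samba's own testparm prints the configuration as the daemons will load it, which is the authoritative check.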