FW: [Samba] samba as a domain member
David Shapiro
David.Shapiro at bcbsnc.com
Thu Mar 2 16:44:12 GMT 2006
Note that not only do you need to mess with pam, you need to compile ssh
again to use kerberos/pam.
David
David Shapiro
Unix Team Lead
919-765-2011
>>> "Guillermo Gutierrez" <ggutierrez at marketscan.com> 3/1/2006 8:05 PM
>>>
whoops, forgot to copy the list on it. sorry.
Well, an update. I can log in to the console using any domain profiles,
but, I can not access the exposed home directory through NetBeui (My
Network Places/Network Neighborhood).
Also, how should I configure /etc/pam.d/sshd to allow domain users to
authenticate and logon through an ssh client (PuTTY?, OpenSSH?)
-----Original Message-----
From: Guillermo Gutierrez
Sent: Wednesday, March 01, 2006 12:47 PM
To: 'David Shapiro'
Subject: RE: [Samba] samba as a domain member
yes, getent passwd returns users and what appears to be machine names
as well.
wbinfo -u returns user info and computer info.
wbinfo -g returns domain groups .
Since I sent this email a couple of things changed. the above commands
no longer display the domain as part of the info.
I cannot get into my home directory which is shared but with a valid
user of "valid users = %S" in the smb.conf.
-----Original Message-----
From: David Shapiro [mailto:David.Shapiro at bcbsnc.com]
Sent: Wednesday, March 01, 2006 12:32 PM
To: Guillermo Gutierrez
Subject: Re: [Samba] samba as a domain member
Is the getent passwd returning users? Does wbinfo -u and wbinfo -g
return users and groups?
David
David Shapiro
Unix Team Lead
919-765-2011
>>> "Guillermo Gutierrez" <ggutierrez at marketscan.com> 3/1/2006 1:09:26
PM >>>
Hello,
I am new to this list but I have been learning to use linux/bsd and
samba for the past year. so far I have been able to learn enough on my
own to be able to successfully set up a functional samba server on
FreeBSD and Gentoo Linux boxes. I am trying to learn how to integrate
them into an Active Directory windows 2003 server domain. So far I have
verified that Kerberos and ldap and winbind (I think) are functioning
correctly. I am able to do a 'kinit administrator at DOMAIN.COM' command
and not get a failure.
I am able to see all of the groups and users/systems in the domain from
getent commands.
My problem is that I cant access samba shares when permissions are set
using domain users.
I can access the /home/samba/public share is I DON'T specify a 'valid
users =' line in the smb.conf file, but not the other way around.
Here is what my smb.conf file looks like:
# Samba config file created using SWAT
# from 10.11.7.56 (10.11.7.56)
# Date: 2006/03/01 09:45:11
[global]
workgroup = MARKETSCAN
realm = MARKETSCAN.COM
server string = %h Samba Server
interfaces = lo, eth0
bind interfaces only = Yes
security = ADS
auth methods = winbind
password server = nostradmus, nostradamus_ii, nostradamus_cam
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
load printers = No
preferred master = No
dns proxy = No
wins proxy = No
wins server = 10.11.3.198
ldap ssl = no
passdb expand explicit = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = max log size = 50
winbind use default domain = Yes
[public]
comment = %h Public Share
path = /home/samba/public
read only = No
force create mode = 0777
force directory mode = 0777
guest ok = Yes
[homes]
comment = Home Directory for %U
path = /home/%D/%U
valid users = %S
read only = No
force create mode = 0777
force directory mode = 0777
browseable = No
I would greatly appreciate any help.
thanks,
Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems
(818) 575-2000 x2427
ggutierrez at marketscan.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list