[Samba] Windbind auth

Simon Renshaw simon at castortech.com
Tue May 30 19:50:40 GMT 2006


I was able to get my server in the domain. I can see it from ADUC and
Network Places. But I can't get it to use AD to authenticate the users
that want to access the server/share.

Wbinfo -u and -g return the users and group of my MONTREAL domain.

Net ads info also returns the correct information about my domain.

I then tried to run getent passwd but that only returned the list of the
local account.

Content of /etc/nsswitch.conf:

passwd:     files windbind
shadow:     files windbind
group:      files windbind
hosts:      files dns wins

The rest are set as files.

I tried to remove files in passwd, shadow and group but when I ran
getent passwd it returned nothing. I then replaced windbind with compat
and got the same result.

What should I do about that? And what else should I check?

Found this in the doc:

Do not forget to specify also the ldap admin dn and to make certain to
set the LDAP administrative password into the secrets.tdb using:

root#  smbpasswd -w ldap-admin-password

In place of ldap-admin-password, substitute the LDAP administration
password for your system.

I assume that this is the password of Administrator? I did that with the
password of Administrator.

And if I got this right, to allow users to access a share from a group I
need to put a @ first?

For example:

valid users = @MONTREAL\Domain Users

I'm running Samba 3.0.10-1.4E.6 on CentOS 4.3. The clients would be
Windows machines.

I'm about to give up and just create a bunch of local users :/

If you need to know more details, just let me know.


More information about the samba mailing list