[Samba] ADS help

db at trunet.dk db at trunet.dk
Tue Oct 17 10:38:40 GMT 2006


> I would be a bit more helpful if you include your configuration files
> and be a bit more clear about what you are trying to accomplish with
> your Samba server.

Here you go :-)

;----------------------------------------------
ldap.conf

host 192.168.1.5
base dc=example,dc=com
nss_initgroups_ignoreusers root,ldap

;----------------------------------------------
krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SAMBA.LOCAL

SAMBA.LOCAL = {
   kdc = 192.168.1.5
}

[domain_realms]
.Samba.local = SAMBA.LOCAL

;----------------------------------------------
nsswitch.conf

passwd:      files ldap winbind
group:       files ldap winbind
shadow:      files ldap winbind
;----------------------------------------------
smb.conf

[global]
workgroup = samba
realm = SAMBA.local
security = ADS
password server = 192.168.1.5

ldap ssl = No

netbios name = SAMBAFILES
server string = Samba Linux Filserver

encrypt passwords = Yes
socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
dns proxy = Yes
smb ports = 445

log file = /var/log/samba/%m.log
max log size = 50

max xmit = 2048

idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
winbind trusted domains only = No
template homedir = /home/data/homes/%U
template shell = /bin/false
guest ok = No

hide dot files = No

enable privileges = Yes
disable spoolss = Yes

enable asu support = No

add share command = /etc/samba/scripts/share_add
change share command = /etc/samba/scripts/share_change
delete share command = /etc/samba/scripts/share_delete

vfs object = recycle:recycle

recycle:repository = PAPIRKURV
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes

;----------------------------------------------

As I wrote, I can get the info just fine with wbinfo, getent and net
info/status. Wrong logins get rejected, but correct logins get a:
session setup failed: Call timed out: server did not respond after 20000
milliseconds

The permissions on the files (shared files, homes and so on) are for a
system user, but I'm guessing there is no way to force them to an AD user? I
don't know if this has anything to do with the session setup failure, but
I'm guessing this will be a problem, so any help regarding this is also
welcome.

Best regards
db

