[Samba] ADS help
db at trunet.dk
db at trunet.dk
Tue Oct 17 10:38:40 GMT 2006
> I would be a bit more helpful if you include your configuration files
> and be a bit more clear about what you are trying to accomplish with
> your Samba server.
Here you go :-)
;----------------------------------------------
ldap.conf
host 192.168.1.5
base dc=example,dc=com
nss_initgroups_ignoreusers root,ldap
;----------------------------------------------
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = SAMBA.LOCAL
SAMBA.LOCAL = {
kdc = 192.168.1.5
}
[domain_realms]
.Samba.local = SAMBA.LOCAL
;----------------------------------------------
nsswitch.conf
passwd: files ldap winbind
group: files ldap winbind
shadow: files ldap winbind
;----------------------------------------------
smb.conf
[global]
workgroup = samba
realm = SAMBA.local
security = ADS
password server = 192.168.1.5
ldap ssl = No
netbios name = SAMBAFILES
server string = Samba Linux Filserver
encrypt passwords = Yes
socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
dns proxy = Yes
smb ports = 445
log file = /var/log/samba/%m.log
max log size = 50
max xmit = 2048
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
winbind trusted domains only = No
template homedir = /home/data/homes/%U
template shell = /bin/false
guest ok = No
hide dot files = No
enable privileges = Yes
disable spoolss = Yes
enable asu support = No
add share command = /etc/samba/scripts/share_add
change share command = /etc/samba/scripts/share_change
delete share command = /etc/samba/scripts/share_delete
vfs object = recycle:recycle
recycle:repository = PAPIRKURV
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
;----------------------------------------------
As I wrote I can get the info just fine with wbinfo, getent and net
info/status. Wrong logins get rejected, but correct logins get's a:
session setup failed: Call timed out: server did not respond after 20000
milliseconds
The permissions on the files (shared files, homes and so on) are for a
system user, but I guessing there is no way to force them to an AD user? I
don't know if this has anything to do with the session setup failure, but
I'm guessing this will be a problem, so any help regarding this is also
welcome.
Best regards
db
More information about the samba
mailing list