[Samba] Cant correctly join windows 2K3 domain with Gentoo

Aaron Kincer kincera at gmail.com
Wed Sep 27 15:17:57 GMT 2006


In case this helps someone else, I'm sending this back to the list:

Gotcha. I'm not immediately aware of why you would want to do this 
unless you are providing shell-based services and want a single sign-on 
for that in addition to Active Directory accounts. I've never tried 
that, so maybe someone here will want to give you more info. I just 
tried logging into my samba server using a domain account and it wasn't 
very cooperative. I tried using the short name (just the username) and 
got an access denied. When I used the domainname+username, an 
interesting thing happened. A directory under /home/domainname/ was 
created for the user, but no login occurred.

I did find this webpage that seems to claim to offer what you need:

http://weblog.bignerdranch.com/?p=6

Hope that helps.

Guillermo Gutierrez wrote:
> Well...eventually I continued on to the "net ads join" command but I
> still couldn't get any domain users or groups to show.
> After that I started up winbind and a few minutes later I saw users and
> groups.
>
> Even though I can see domain info usingthe "getent passwd" command I
> still cannot log in as a domain user.
>
> -----Original Message-----
> From: Aaron Kincer [mailto:kincera at gmail.com] 
> Sent: Wednesday, September 27, 2006 6:21 AM
> To: Guillermo Gutierrez
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Cant correctly join windows 2K3 domain with Gentoo
>
> Have you performed a net ads join command yet?
>
> Guillermo Gutierrez wrote:
>   
>> Help me please, I am getting desparate.
>> I have tried to the follow the following how-to for joining a Gentoo 
>> Linux samba server to a windows 2003 domain and cant seem to get the 
>> the "getent passwd" command to any domain users.
>>
>> Here is the document that I was following:
>> http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD
>> _D
>> omain
>>
>> Here is my smb.conf as well:
>>
>> # Global Configurations
>> [global]
>>         # Netbios Identification
>>         netbios name = Solidus
>>         workgroup = marketscan
>>         realm = MARKETSCAN.COM
>>         server string = %h, Gentoo Samba Server %v
>>
>>         # Logging Options
>>         log file = /var/log/samba/log.%m
>>         max log size = 50
>>         log level = 5
>>
>>         # smb password backend
>>         # commented out to see if changing it to ldapsam works any 
>> better
>> 	 ; passdb backend = tdbsam
>> 	 passdb backend = ldapsam:ldap://10.11.3.177
>>
>>         # Winbind, Domain Options
>>         password server = *
>>         encrypt passwords = yes
>>         security = ads
>>         client signing = yes
>>         template homedir = /home/MARKETSCAN/%U
>>         template shell = /bin/bash
>>         winbind enum users = yes
>>         winbind enum groups = yes
>>         winbind use default domain = yes
>>         idmap uid = 10000-20000
>>         idmap gid = 10000-20000
>>
>>         # Network Settings
>>         socket options = TCP_NODELAY
>>         interfaces = eth0 lo
>>         bind interfaces only = yes
>>         socket address = 10.11.3.210
>>
>>         # Master Browser options
>>         local master = no
>>         os level = 2
>>
>>         # WINS and DNS Options
>>         wins server = 10.11.3.177
>>         dns proxy = yes
>>
>> # Share level configuration settings
>> #
>> # Public share
>> [public]
>>         comment = Public Volume on %h
>>         path = /home/samba/public
>>         valid users = +users
>>         writeable = yes
>>         public = yes
>>         force create mode = 0766
>>         force directory mode = 0766
>>         guest ok = no
>>
>> # Home directory for valid users.
>> [homes]
>>         comment = Home Folder for %u
>>         valid users = %S
>>         browseable = no
>>         writeable = yes
>>         force create mode = 0700
>>         force directory mode = 0700
>>
>> Please do point out any and all flaws in my config or the document 
>> that I mentioned above.
>>
>> Thanks,
>>
>> Guillermo Gutierrez
>> Network Administrator
>> Market Scan Information Systems, Inc
>> (818) 575-2000 x2017
>> ggutierrez at marketscan.com
>>
>>   
>>     
>
>
>   



More information about the samba mailing list