[Samba] Re: Samba using AD as a directory server

Christoph Peus cp at uni-wh.de
Mon Dec 3 16:10:30 GMT 2007


Mark Campbell wrote:
> So I have idmap:rid working.  The problem is I can set only the same 
> shell for all users.  I was trying to find a way to store the shell in 
> AD.  I have found a couple references to RFC2307.  Can this be used 
> with AD and if so is there a good article on it somewhere?  (I looked 
> through the samba docs but didn't find anything yet perhaps I am just 
> blind)

short form:

- do an upgrade to Windows Server 2003 R2 on the DCs
- set POSIX IDs in AD for all users and groups which you want to use 
with samba
- compile samba with kerberos support
- net ads join

smb.conf:

     security = ADS
     realm = YOUR.DOMAIN
     idmap backend = ad
     winbind nss info = rfc2307

     winbind enum users = yes
     winbind enum groups = yes
     winbind use default domain = yes

/etc/nsswitch.conf:

passwd:      files winbind
shadow:      files
group:       files winbind


/etc/krb5.conf:

[libdefaults]
  default_realm = YOUR.DOMAIN

[realms]
  YOUR.DOMAIN = {
  kdc = xxx.xxx.xxx.xxx
  kdc = yyy.yyy.yyy.yyy
  }
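
Added example, not part of the original post: once the host is joined and `winbind nss info = rfc2307` is active, the per-user shell comes from AD, so it is worth auditing which domain accounts resolve with an interactive shell. The script below classifies passwd-format lines as printed by `getent passwd`; the UID floor of 10000, the shell list and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit passwd-format lines (the output format of `getent passwd`) for
# accounts in the UID range used for the POSIX IDs set in AD.
# MIN_UID and INTERACTIVE_SHELLS are assumptions; adjust them for your site.
MIN_UID=${MIN_UID:-10000}
INTERACTIVE_SHELLS=${INTERACTIVE_SHELLS:-"/bin/sh /bin/bash /bin/zsh /bin/ksh /bin/tcsh"}

# audit_shells: reads passwd lines on stdin, prints "STATUS user uid shell".
#   INTERACTIVE  shell is in the interactive list
#   NOLOGIN      shell is set to something outside that list
#   EMPTY        shell field is empty (passwd(5): defaults to /bin/sh)
audit_shells() {
    awk -F: -v min="$MIN_UID" -v shells="$INTERACTIVE_SHELLS" '
        BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        NF < 7 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        $3 + 0 < min { next }                  # skip local/system accounts
        {
            if ($7 == "")      st = "EMPTY"
            else if ($7 in ok) st = "INTERACTIVE"
            else               st = "NOLOGIN"
            print st, $1, $3, ($7 == "" ? "-" : $7)
        }'
}

# Constructed sample input (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:10001:10000:Alice Example:/home/alice:/bin/bash
svc_backup:*:10002:10000:Backup service:/home/svc_backup:/sbin/nologin
bob:*:10003:10000:Bob Example:/home/bob:
EOF
}

# On a joined host:      getent passwd | audit_shells
# Against the sample:    sample_passwd | audit_shells
```
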


