[Samba] Re: Samba using AD as a directory server
Mark Campbell
mcc171 at psu.edu
Mon Dec 3 16:53:48 GMT 2007
Any way to do it with just 2k3 or does it have to be 2k3r2?
Thanks
Mark
Christoph Peus wrote:
> Mark Campbell wrote:
>> So I have idmap:rid working. The problem is I can set only the same
>> shell for all users. I was trying to find a way to store the shell
>> in AD. I have found a couple references to RFC2307. Can this be
>> used with AD and if so is there a good article on it somewhere? (I
>> looked through the samba docs but didn't find anything yet perhaps I
>> am just blind)
>
> short form:
>
> - do an upgrade to Windows Server 2003 R2 on the DCs
> - set POSIX IDs in AD for all users and groups which you want to use
> with samba
> - compile samba with kerberos support
> - net ads join
>
> smb.conf:
>
> security = ADS
> realm = YOUR.DOMAIN
> idmap backend = ad
> winbind nss info = rfc2307
>
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
>
> /etc/nsswitch.conf:
>
> passwd: files winbind
> shadow: files
> group: files winbind
>
>
> /etc/krb5.conf:
>
> [libdefaults]
> default_realm = YOUR.DOMAIN
>
> [realms]
> YOUR.DOMAIN = {
> kdc = xxx.xxx.xxx.xxx
> kdc = yyy.yyy.yyy.yyy
> }
>
--
Mark Campbell
Systems Analyst
Digital Library Technologies
The Pennsylvania State University
mcc171 at psu.edu, 814-865-4774
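
A consistency check for the three files in the quoted recipe, added here as an example and not written by either poster. The function names, the sample file contents and the [global] header are assumptions; YOUR.DOMAIN is the placeholder from the post.

```python
# Constructed sample inputs mirroring the quoted fragments.
SMB_CONF = """\
[global]
security = ADS
realm = YOUR.DOMAIN
idmap backend = ad
winbind nss info = rfc2307
"""
NSSWITCH = """\
passwd: files winbind
shadow: files
group: files winbind
"""
KRB5_CONF = """\
[libdefaults]
default_realm = YOUR.DOMAIN
"""

def parse_kv(text, sep):
    """Return {key: value} for 'key<sep>value' lines, skipping comments and section headers."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or sep not in line:
            continue
        key, value = line.split(sep, 1)
        # smb.conf parameter names ignore case and extra spaces, so normalise them.
        out[" ".join(key.lower().split())] = value.strip()
    return out

def check(smb_text, nss_text, krb_text):
    """Return a list of problems; an empty list means the files agree with the recipe."""
    smb, nss, krb = parse_kv(smb_text, "="), parse_kv(nss_text, ":"), parse_kv(krb_text, "=")
    problems = []
    for key, want in (("security", "ads"), ("idmap backend", "ad"), ("winbind nss info", "rfc2307")):
        if smb.get(key, "").lower() != want:
            problems.append(f"smb.conf: '{key}' should be '{want}', found '{smb.get(key)}'")
    # Kerberos realm names are case-sensitive, so compare them exactly.
    if not smb.get("realm") or smb["realm"] != krb.get("default_realm"):
        problems.append("realm in smb.conf differs from default_realm in krb5.conf")
    for db in ("passwd", "group"):
        if "winbind" not in nss.get(db, "").split():
            problems.append(f"nsswitch.conf: '{db}' does not list winbind")
    return problems

if __name__ == "__main__":
    print(check(SMB_CONF, NSSWITCH, KRB5_CONF) or "configuration is consistent")
```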