[Samba] AD Auth, but Unix users and groups

Gary Algier gaa at ulticom.com
Fri Oct 19 19:21:53 GMT 2007


Hello All:

I have a Samba server (running 3.0.11) that uses an LDAP SAM for
authentication.  We now have AD (native mode) running in house.
Since everyone has a login there, I would like to use the AD
credentials for authentication.  However, I would like to continue
to use the Unix user ids and group ids, etc.

All the documentation for AD authentication talks about ID mapping, etc.
I don't think I need this.  I already have ids.  I don't need to map
them.

Is there an easy way to do what I want?

I have tried to make it work by picking up the latest Blastwave
distribution and I installed it with configurations like:

--------------------------------------------------------------------------
[global]
        unix charset = LOCALE
        workgroup = ULTICOM
        realm = ULTICOM.COM
        netbios name = CARP
        server string = Carp -- a test instance of Corp
        interfaces = 172.25.0.9
        bind interfaces only = Yes
        security = ADS
        smb passwd file = /etc/csw/samba/carp/private/smbpasswd
        private dir = /etc/csw/samba/carp/private
        log level = 1
        syslog = 0
        log file = /var/csw/samba/log/carp.smbd.log
        max log size = 50
        printcap name = CUPS
        ldap ssl = no
        lock directory = /etc/csw/samba/carp/locks
        pid directory = /etc/csw/samba/carp/locks
        include = /etc/csw/samba/carp/smb.conf.shares

[homes]
...
--------------------------------------------------------------------------
With this configuration, I can do an "smbclient -L carp" just fine,
but I can't do "smbclient //carp/gaa".  I get:
--------------------------------------------------------------------------
Domain=[ULTICOM] OS=[Unix] Server=[Samba 3.0.23b]
tree connect failed: NT_STATUS_ACCESS_DENIED
--------------------------------------------------------------------------
This sure sounds like the login works but the user ids don't allow
access.  (If I type my password wrong, I get an NT_STATUS_LOGON_FAILURE.)
Any other ideas?


-- 
Gary Algier, WB2FWZ          gaa at ulticom.com        +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
    People don't read documentation voluntarily.

