[Samba] AD Auth, but Unix users and groups
Gary Algier
gaa at ulticom.com
Fri Oct 19 19:21:53 GMT 2007
Hello All:
I have a Samba server (running 3.0.11) that uses an LDAP SAM for
authentication. We now have AD (native mode) running in house.
Since everyone has a login there, I would like to use the AD
credentials for authentication. However, I would like to continue
to use the Unix user ids and group ids, etc.
All the documentation for AD authentication talks about ID mapping, etc.
I don't think I need this. I already have ids. I don't need to map
them.
Is there an easy way to do what I want?
I have tried to make it work by picking up the latest Blastwave
distribution and I installed it with configurations like:
--------------------------------------------------------------------------
[global]
unix charset = LOCALE
workgroup = ULTICOM
realm = ULTICOM.COM
netbios name = CARP
server string = Carp -- a test instance of Corp
interfaces = 172.25.0.9
bind interfaces only = Yes
security = ADS
smb passwd file = /etc/csw/samba/carp/private/smbpasswd
private dir = /etc/csw/samba/carp/private
log level = 1
syslog = 0
log file = /var/csw/samba/log/carp.smbd.log
max log size = 50
printcap name = CUPS
ldap ssl = no
lock directory = /etc/csw/samba/carp/locks
pid directory = /etc/csw/samba/carp/locks
include = /etc/csw/samba/carp/smb.conf.shares
[homes]
...
--------------------------------------------------------------------------
With this configuration, I can do an "smbclient -L carp" just fine,
but I can't do "smbclient //carp/gaa". I get:
--------------------------------------------------------------------------
Domain=[ULTICOM] OS=[Unix] Server=[Samba 3.0.23b]
tree connect failed: NT_STATUS_ACCESS_DENIED
--------------------------------------------------------------------------
This sure sounds like the login works but the user ids don't allow
access. (If I type my password wrong, I get an NT_STATUS_LOGON_FAILURE).
Any other ideas?
--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.