[Samba] AD Auth, but Unix users and groups

Gary Algier gaa at ulticom.com
Fri Oct 19 19:21:53 GMT 2007

Hello All:

I have a Samba server (running 3.0.11) that uses an LDAP SAM for
authentication.  We now have AD (native mode) running in house.
Since everyone has a login there, I would like to use the AD
credentials for authentication.  However, I would like to continue
to use the Unix user ids and group ids, etc.

All the documentation for AD authentication talks about ID mapping, etc.
I don't think I need this.  I already have ids.  I don't need to map

Is there an easy way to do what I want?

I have tried to make it work by picking up the latest Blastwave
and I installed it with configurations like:

        unix charset = LOCALE
        workgroup = ULTICOM
        realm = ULTICOM.COM
        netbios name = CARP
        server string = Carp -- a test instance of Corp
        interfaces =
        bind interfaces only = Yes
        security = ADS
        smb passwd file = /etc/csw/samba/carp/private/smbpasswd
        private dir = /etc/csw/samba/carp/private
        log level = 1
        syslog = 0
        log file = /var/csw/samba/log/carp.smbd.log
        max log size = 50
        printcap name = CUPS
        ldap ssl = no
        lock directory = /etc/csw/samba/carp/locks
        pid directory = /etc/csw/samba/carp/locks
        include = /etc/csw/samba/carp/smb.conf.shares

With this configuration, I can do an "smbclient -L carp" just fine,
but I can't do "smbclient //carp/gaa".  I get:
Domain=[ULTICOM] OS=[Unix] Server=[Samba 3.0.23b]
tree connect failed: NT_STATUS_ACCESS_DENIED
This sure sounds like the login works but the user ids don't allow
(If I type my password wrong, I get a NT_STATUS_LOGON_FAILURE).
Any other ideas?

Gary Algier, WB2FWZ          gaa at ulticom.com             +1 856 787
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054      Fax:+1 856 866

Nielsen's First Law of Computer Manuals:
    People don't read documentation voluntarily.

More information about the samba mailing list