[Samba] AD Auth, but Unix users and groups

Fajar Priyanto fajarpri at cbn.net.id
Mon Oct 22 13:43:19 GMT 2007


On Saturday 20 October 2007 02:21:53 Gary Algier wrote:
> Hello All:
>
> I have a Samba server (running 3.0.11) that uses an LDAP SAM for
> authentication.  We now have AD (native mode) running in house.
> Since everyone has a login there, I would like to use the AD
> credentials for authentication.  However, I would like to continue
> to use the Unix user ids and group ids, etc.
>
> All the documentation for AD authentication talks about ID mapping, etc.
> I don't think I need this.  I already have ids.  I don't need to map
> them.
>
> Is there an easy way to do what I want?
>
> I have tried to make it work by picking up the latest Blastwave
> distribution and I installed it with configurations like:
>
> --------------------------------------------------------------------------
> [global]
>         unix charset = LOCALE
>         workgroup = ULTICOM
>         realm = ULTICOM.COM
>         netbios name = CARP
>         server string = Carp -- a test instance of Corp
>         interfaces = 172.25.0.9
>         bind interfaces only = Yes
>         security = ADS
>         smb passwd file = /etc/csw/samba/carp/private/smbpasswd
>         private dir = /etc/csw/samba/carp/private
>         log level = 1
>         syslog = 0
>         log file = /var/csw/samba/log/carp.smbd.log
>         max log size = 50
>         printcap name = CUPS
>         ldap ssl = no
>         lock directory = /etc/csw/samba/carp/locks
>         pid directory = /etc/csw/samba/carp/locks
>         include = /etc/csw/samba/carp/smb.conf.shares
>
> [homes]
> ...
> --------------------------------------------------------------------------
> With this configuration, I can do an "smbclient -L carp" just fine,
> but I can't do "smbclient //carp/gaa".  I get:
> --------------------------------------------------------------------------
> Domain=[ULTICOM] OS=[Unix] Server=[Samba 3.0.23b]
> tree connect failed: NT_STATUS_ACCESS_DENIED
> --------------------------------------------------------------------------
> This sure sounds like the login works but the user ids don't allow
> access.  (If I type my password wrong, I get a NT_STATUS_LOGON_FAILURE).
> Any other ideas?

Hello Gary,
I'm a newbie, so pls pardon me if I'm saying something here.
AFAIK, security = ADS is used when we want our Samba to act as a "middle-man"
only, that is, it forwards the authentication request to the AD. So it itself
doesn't do the authentication.

You might want to set it up as Samba PDC instead and then do interdomain trust 
from there to the AD.

CMIIW,
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
20:43:14 up 30 min, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.