[Samba] Samba (winbind) integration into an Active Directory domain
masterclc at gmail.com
Tue Sep 25 23:04:57 GMT 2007
I have an existing Active Directory domain with a couple hundred
users. I am trying to setup our Linux (Gentoo specifically) servers
to allow "seamless" login integration at the console, via ssh and
possibly using smbmount.
I think I've got it pretty close, but seem to be missing something.
When my test user logs in, a home directory is created for them, the
console throws up the last login information, and then immediately
logs them back out.
I've searched the log files (messages, log.smbd/nmbd/winbind) but
don't see anything blatently obvious. I followed the Samba docs, and
have since tried variations that are abundant around the web.
I'm authenticating via kerberos using winbind against an Active
Directory implementation on top of a Windows 2003-r2 server.
I'm running a fresh up-to-date (as of today) install of gentoo (not
~x86, just x86) 2.6.22-r5, samba 3.0.24-r3, pam 0.78-r5
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
security = ADS
password server = MYACTIVEDIRECTORYSERVER.MYDOMAIN.COM
log level = 2
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
I tried changing the separator to \ to give the "feel" of Windows, but
samba didn't like it, and assumed I had no character there, so I
switched it to the often used example of +. Other than that, I can't
see anything obviously wrong. I can post up my nsswitch.conf and my
pam.d/login - pam.d/system-auth files if anyone thinks it's a problem
in one of those.
More information about the samba