[Samba] Samba (winbind) integration into an Active Directory domain

Chad masterclc at gmail.com
Tue Sep 25 23:04:57 GMT 2007


I have an existing Active Directory domain with a couple hundred
users.  I am trying to set up our Linux (Gentoo specifically) servers
to allow "seamless" login integration at the console, via ssh and
possibly using smbmount.

I think I've got it pretty close, but seem to be missing something.
When my test user logs in, a home directory is created for them, the
console throws up the last login information, and then immediately
logs them back out.

I've searched the log files (messages, log.smbd/nmbd/winbind) but
don't see anything blatantly obvious.  I followed the Samba docs, and
have since tried variations that are abundant around the web.

Technical bits:
I'm authenticating via Kerberos using winbind against an Active
Directory implementation on top of a Windows 2003-r2 server.
I'm running a fresh up-to-date (as of today) install of Gentoo (not
~x86, just x86) 2.6.22-r5, samba 3.0.24-r3, pam 0.78-r5

smb.conf is:

workgroup = MYDOMAIN
security = ADS
log level = 2
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

I tried changing the separator to \ to give the "feel" of Windows, but
Samba didn't like it, and assumed I had no character there, so I
switched it to the often used example of +.  Other than that, I can't
see anything obviously wrong.  I can post up my nsswitch.conf and my
pam.d/login - pam.d/system-auth files if anyone thinks it's a problem
in one of those.
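
Added example, not part of the original post and not Samba project code: one check worth running against the settings quoted above is what login shell winbind will hand to domain users. It assumes Samba's documented default of /bin/false for "template shell" when the parameter is not set; the function and variable names are hypothetical.

```shell
# Added diagnostic, not part of the original post. Assumption: with no
# "template shell" line, winbind uses Samba's documented default, /bin/false.
SAMBA_DEFAULT_SHELL="/bin/false"

# Constructed sample: the smb.conf settings quoted in the post.
POSTED_CONF='workgroup = MYDOMAIN
security = ADS
log level = 2
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes'

# Print the effective "template shell" for smb.conf text read from stdin.
# Parameter names are matched case-insensitively with whitespace ignored;
# lines starting with # or ; are comments; a repeated setting overrides.
effective_template_shell() {
    awk -F= -v def="$SAMBA_DEFAULT_SHELL" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key == "templateshell") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                shell = val
            }
        }
        END { print (shell != "" ? shell : def) }'
}

# Usage: check_template_shell < smb.conf
# Returns 1 when the shell exits at once instead of giving a prompt.
check_template_shell() {
    shell=$(effective_template_shell)
    case "$shell" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin)
            echo "template shell = $shell: session ends right after login"
            return 1 ;;
    esac
    echo "template shell = $shell"
}

printf '%s\n' "$POSTED_CONF" | check_template_shell || true
```

On a live system the same field can be read from the sixth colon-separated column of `getent passwd` output for a domain user.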



