[Samba] FreeBSD,
Samba 3.0.28a joined to AD domain but prompts for login
Mike Galvez
mrg8n at virginia.edu
Tue Jul 1 16:22:03 GMT 2008
Jens,
Many thanks to you and Jason Haar. The home folder + my own built-in account was
causing confusion. I created a new share as you suggested and set the acls on it
with setfacl -m g:"MYDOMAIN\group":rwx share, and changed valid users to
valid users = +"MYDOMAIN\domain users".
After restarting the samba daemons, I can now log into the shares with
authentication handled by the Win2k3 PDC.
The client machine I'm using for testing is a MacBook running a VMware instance
of XP SP2.
Thanks again,
-Mike
On Tue, Jul 01, 2008 at 09:42:05AM +0200, Jens Nissen wrote:
> In addition to what Jason writes:
> It is good practice to start with a share like "shared" in "/export/shared" and not with the /homes folder, as the home-shares pose additional problems (like access rights). If the user accounts are already created as Unix local acounts, the domain users might not be able to access them.
> Make the /export/shared folder 777 and if this works continue towards the home shares.
> Important: Jason already indicated, that the valid users should be empty, when this works, make valid users something like "MYDOMAIN\%S" and see if you can make progress.
>
> Have fun with Samba,
>
> Jens
>
> -------- Original-Nachricht --------
> > Datum: Tue, 01 Jul 2008 12:04:41 +1200
> > Von: Jason Haar <Jason.Haar at trimble.co.nz>
> > An: Samba Questions <samba at lists.samba.org>
> > Betreff: Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login
>
> > Mike Galvez wrote:
> > > Hi,
> > >
> > > I am trying to connect a FreeBSD server running 7.0 Release and Samba
> > 3.0.28a to a
> > > Windows 2003 AD Domain Controller. Has anyone had success with this
> > combo? I have joined
> > > the domain and I can enumerate users, groups, etc..
> > >
> >
> > Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
> > Vista SP1 brought in a bunch of changes that broke Samba (and probably a
> > bunch of other things too... ;-)
> >
> > Secondly, I see you have a "valid users" variable under "[homes]", do
> > you explicitly need it? Try removing it and see if the problem disappears.
> >
> >
> >
> > --
> > Cheers
> >
> > Jason Haar
> > Information Security Manager, Trimble Navigation Ltd.
> > Phone: +64 3 9635 377 Fax: +64 3 9635 417
> > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> --
> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
Mike Galvez
More information about the samba
mailing list