[Samba] SAMBA + KERBEROS + AD
Helio Calaça Filho
helio.calaca at gmail.com
Wed Mar 5 18:45:44 GMT 2008
SMB.CONF
# Samba config file created using SWAT
# from 10.10.15.33 (10.10.15.33)
# Date: 2008/03/04 13:39:37
[global]
workgroup = SAMBA
realm = SAMBA.COM
server string = Test Server
security = ADS
log level = 4
log file = /local/samba/var/%m.log
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
veto files = /.exe/*mp3*/
#[homes]
# comment = Personal Directory
# read only = No
# browseable = No
[teste]
comment = Test Directory
path = /teste
valid users = SAMBA # P.S.: the SAMBA string here is the domain, so that all domain users are accepted
read only = No
veto files = /*.exe/*mp3*/
[commom_ad]
comment = Common Directory
path = /comum_ad
force user = smbtest
read only = No
guest ok = Yes
--------------------------------------------------------------------------------------------------------------
NSSWITCH.CONF
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files winbind
shadow: files
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns winbind
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
-------------------------------------------------------------------------------------------------------------------------------------
[root@redh lib]# ll libnss_winb*
-rwxr-xr-x 1 root root 18588 Fev 26 12:51 libnss_winbind.so
lrwxrwxrwx 1 root root 22 Fev 27 17:25 libnss_winbind.so.2 -> /lib/libnss_winbind.so
-rwxr-xr-x 1 root root 892632 Set 1 2006 libnss_wins.so.2
--------------------------------------------------------------------------------------------------------------------
[root@redh lib]# ps -A
PID TTY TIME CMD
28736 ? 00:00:10 nmbd
28737 ? 00:00:00 winbindd
28738 ? 00:00:00 winbindd
28739 ? 00:00:00 smbd
28742 ? 00:00:00 smbd
28758 ? 00:00:00 winbindd
29019 ? 00:00:00 winbindd
31715 ? 00:00:00 smbd
----------------------------------------------------------------------------------------------------------------------
[root@redh lib]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[teste]"
Processing section "[comum_ad]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
-------------------------------------------------------------------------------------------------------------
[root@redh lib]# net ads join -U Administrator
suporte's password:
Using short domain name -- SAMBA
Joined 'REDH' to realm 'SAMBA.COM'
--------------------------------------------------------------------------------------------------------------------------
Apparently everything is correct. But when I try to access my Samba shares from my
WinXP station (logged in to the ADS domain), the Samba server asks for a user and
password. I try any ADS user and I can't get in.
Where did I go wrong?
See Ya!
Regards,
Hélio Calaça Filho