[Samba] SAMBA + KERBEROS + AD

Helio Calaça Filho helio.calaca at gmail.com
Wed Mar 5 18:45:44 GMT 2008


SMB.CONF

# Samba config file created using SWAT
# from 10.10.15.33 (10.10.15.33)
# Date: 2008/03/04 13:39:37

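[global]
        workgroup = SAMBA
        realm = SAMBA.COM
        server string = Test Server
# Active Directory member mode; users are authenticated against the realm
# above rather than a local password database.
        security = ADS
# Debug-level logging, one file per client machine name (%m). Verbose logs
# record account and client details: keep /local/samba/var readable by root
# only and lower the level once troubleshooting is finished.
        log level = 4
        log file = /local/samba/var/%m.log
# Samba's LDAP connections are made without TLS.
# NOTE(review): which connections this covers depends on the Samba version -
# confirm that directory traffic is not crossing an untrusted network in clear.
        ldap ssl = no
# Local UID/GID range handed out to domain users and groups by winbind; it
# must not overlap the IDs of local accounts.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
# Default veto list inherited by every share. The original first entry was
# "/.exe/", which matches only a file literally named ".exe"; it is written
# as "/*.exe/" here to agree with the [teste] share. veto files matches on
# the file name only, so a renamed file passes - it is not a malware control.
        veto files = /*.exe/*mp3*/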

#[homes]
#       comment = Personal Directory
#       read only = No
#       browseable = No
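[teste]
        comment = Test Directory
        path = /teste
# Author's note: SAMBA here is the domain name, intended to admit all domain
# users.
# NOTE(review): smb.conf only recognises comments on lines of their own, so
# the note above was moved off the value line; left inline it becomes part
# of the "valid users" value. "valid users" expects user names or @group
# entries, and a bare domain name is presumably neither, which would deny
# every domain user. To admit the whole domain, name a domain group instead,
# e.g. @"SAMBA\Domain Users" - confirm the exact group name and winbind
# separator with "wbinfo -g" before changing the value below.
        valid users = SAMBA
        read only = No
# Name-based filter only; a renamed file is not caught.
        veto files = /*.exe/*mp3*/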

[commom_ad]
# NOTE(review): the testparm output posted with this file names this section
# "[comum_ad]"; the spelling here may be a transcription slip - confirm.
        comment = Common Directory
        path = /comum_ad
# Every file operation on this share runs as the local account smbtest,
# whichever user connected, so per-user ownership and audit trails are lost.
        force user = smbtest
        read only = No
# Writable share that also accepts guest sessions: an unauthenticated client
# can modify /comum_ad once guest mapping is in effect.
# NOTE(review): guest sessions normally also depend on "map to guest" in
# [global], which this file does not set - confirm whether anonymous write
# access is intended; if not, drop "guest ok" or add "valid users".
        guest ok = Yes

--------------------------------------------------------------------------------------------------------------

NSSWITCH.CONF

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

# Local files are consulted first, then winbind, so Active Directory users
# and groups become valid identities on this host. Because "files" wins, a
# local account shadows a domain account of the same name.
passwd:     files winbind
# shadow stays local-only: no domain password data is pulled through NSS.
shadow:     files
group:      files winbind

#hosts:     db files nisplus nis dns
# NOTE(review): Samba's NSS module for host names is libnss_wins ("wins");
# libnss_winbind serves passwd and group - confirm "winbind" is intended on
# the hosts line.
hosts:      files dns winbind

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

# The remaining databases are resolved from local files and/or NIS+ only;
# none of them consults winbind.
bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus
-------------------------------------------------------------------------------------------------------------------------------------
[root at redh lib]# ll libnss_winb*

-rwxr-xr-x 1 root root   18588 Fev 26 12:51 libnss_winbind.so
lrwxrwxrwx 1 root root      22 Fev 27 17:25 libnss_winbind.so.2 ->
/lib/libnss_winbind.so
-rwxr-xr-x 1 root root  892632 Set  1  2006 libnss_wins.so.2

--------------------------------------------------------------------------------------------------------------------
[root at redh lib]# ps -A
  PID TTY          TIME CMD

28736 ?        00:00:10 nmbd
28737 ?        00:00:00 winbindd
28738 ?        00:00:00 winbindd
28739 ?        00:00:00 smbd
28742 ?        00:00:00 smbd
28758 ?        00:00:00 winbindd
29019 ?        00:00:00 winbindd
31715 ?        00:00:00 smbd
----------------------------------------------------------------------------------------------------------------------
[root at redh lib]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[teste]"
Processing section "[comum_ad]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

-------------------------------------------------------------------------------------------------------------

[root at redh lib]# net ads join -U Administrator
suporte's password:
Using short domain name -- SAMBA
Joined 'REDH' to realm 'SAMBA.COM'

--------------------------------------------------------------------------------------------------------------------------
Everything appears to be correct. But when I try to access my Samba shares from
my WinXP station (logged in to the ADS domain), the Samba server asks for a
username and password. I enter any ADS user and I can't get in.

Where did I go wrong?

See Ya!

Atte,
Hélio Calaça Filho

