[Samba] RE: Samba with ADS
Edward Ned Harvey
samba at nedharvey.com
Mon Jun 15 23:51:28 GMT 2009
> Environment: Sun Solaris 9 sparc
> Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11
> Problem:
> Am trying to create shares with Samba so that users can map to folders
> on this server using Active Directory. I am successful in creating a
> Kerberos ticket; I can join the domain; and wbinfo -u and -g give me
> users in the AD. However, getent passwd only gives me a list of users
> on the server and not in the AD. The winbindd.log file has a lot of
> these lines:
>
> [2009/06/15 10:41:59, 0] winbindd/winbindd.c:request_len_recv(616)
> request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:43:29, 0] winbindd/winbindd.c:request_len_recv(616)
> request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616)
> request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616)
> request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616)
> request_len_recv: Invalid request size received: 2088 (expected 2096)
>
> If you have any advice and/or guidance, I would greatly appreciate it.
> Thank you!
I don't think you need to use winbind. In all of my situations, winbind
only got in the way, and I always have more success with winbind disabled.
It's been a while since I read what winbind was for - I think it's meant to
keep track of UID/username mappings, to ensure consistency among multiple
samba servers if you have more than one. For this purpose, I just use the
regular passwd files or NIS, both of which I think are more reliable and
simpler to manage.
Instead of winbind, I just use "net join -w DOMAIN -U administrator" and use
smb.conf like this:
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = Samba Server
security = DOMAIN
log file = /var/samba/log/log.%m
max log size = 50
unix extensions = No
load printers = No
printcap name = /dev/null
dns proxy = No
wins server = 192.168.x.y
ldap ssl = no
create mask = 0660
security mask = 0660
directory mask = 0770
directory security mask = 0770
[share]
path = /share
read only = No
More information about the samba
mailing list