[Samba] Fw: Samba as fileserver in an Windows AD Domain
Andrew.Masterson at nuvistaenergy.com
Fri Oct 30 08:04:16 MDT 2009
> > I tried to setup a SuSE10.2 with samba 3.0.23d (but the same trouble
> > SuSE11.1).
> > I got a valid Kerberos Ticket and joined successfully the domain
> > join).
> > Users and group are displayed with wbinfo -u / -g . I could also
> > accounts with wbinfo -a user%pass.
> > When I tried to access the shares, the dialog apears to give the
> > credentials. It doesn't matter what you fill in, there is no access.
> > I also could not get users and groups with getent passwd / group. I
> > different configs of
> > /etc/nsswitch.conf with different results:
> > only local accounts will be showed:
> > passwd: compat
> > group: compat
> > local account and the group BUILTIN
> > passwd: files winbind
> > group: files winbind
> > here are the local account, the BUILTIN group and a new entry like
> > "+::0:" are displayed
> > I think there is a problem with matching Windows LDAP with *nix LDAP
> > passwd: files winbind ldap
> > group: files winbind ldap
> > My /etc/smb.conf:
> > [global]
> > workgroup = WIN2003SRV
> > security = ADS
> > realm = win2003srv.loc
> > idmap backend = ad
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > template homedir = /home/%D/%U
> > winbind separator = +
> > password server = 10.1.2.154
> > domain master = No
> > ldap ssl = no
> > winbind use default domain = yes
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind nested groups = yes
> > encrypt passwords = yes
> > client use spnego = yes
> > wins server = 10.1.2.154
> > I see successful logins at the Windows DC.
> > Do I need LDAP, or is Kerberos enough?
> > Could somebody tell me what I do wrong?
> is really nobody able to give me a hint what to look for?
Is nscd running? If so, turn it off. I think the default SUSE installs
have nscd enabled.
More information about the samba