[Samba] Help with samba in AD environment
Phusion
phusion2k at gmail.com
Wed Feb 3 08:27:40 MST 2010
I need some help in configuring samba on a FreeBSD 8.0 server. I've
used the following as a base. My goal is to have a samba share where I
can set permissions for Active Directory users. I don't care about
SSHing into the server using Active Directory account information.
http://forums.freebsd.org/showthread.php?p=64144&#post64144
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member
I installed the samba 3.3 port (3.3.9) and only had the following
options enabled: LDAP, ADS, WINBIND, ACL_SUPPORT, SYSLOG and POPT.
[global]
workgroup = ABC
netbios name = server
server string =
realm = ABC.LOCAL
security = ADS
password server = pdc.Abc.local
idmap gid = 10000-20000
idmap uid = 10000-20000
winbind refresh tickets = yes
winbind use default domain = yes
# vi /usr/local/etc/smb.conf
[libdefaults]
default_realm = ABC.LOCAL
[domain_realm]
.Abc.local = ABC.LOCAL
[realms]
ABC.LOCAL = {
kdc = pdc.Abc.local
}
[logging]
kdc = FILE:/var/heimdal/kdc.log
# vi /etc/krb5.conf
samba_enable="YES"
winbindd_enable="YES"
# vi /etc/rc.conf.local
# /usr/local/etc/rc.d/samba start
Removing stale Samba tdb files: done
Starting nmbd.
Starting smbd.
Starting winbindd.
# /usr/local/bin/net ads join -U Administrator -S pdc.Abc.local
Enter Administrator's password:
Using short domain name -- ABC
Joined 'SERVER' to realm 'Abc.local'
Checked and the computer shows up in the Active Directory computers.
# kinit Administrator@ABC.LOCAL
Administrator@ABC.LOCAL's Password:
After doing a reboot the following commands both worked: wbinfo -u,
wbinfo -g. Here are the messages I see in the log file.
Feb 2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
Feb 2 16:33:26 server winbindd[812]: idmap_alloc module ldap already registered!
Feb 2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
Feb 2 16:33:26 server winbindd[812]: idmap_alloc module tdb already registered!
Feb 2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26, 0] winbindd/idmap.c:smb_register_idmap(149)
Feb 2 16:33:26 server winbindd[812]: Idmap module passdb already registered!
Feb 2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26, 0] winbindd/idmap.c:smb_register_idmap(149)
Feb 2 16:33:26 server winbindd[812]: Idmap module nss already registered!
Do I need to modify /etc/nsswitch.conf or just /usr/local/etc/smb.conf,
since I'm only concerned with samba share permissions? Also, can
someone show me an example of what to put in smb.conf for a share? Let
me know. Thanks.
Phusion
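
Added example, not part of the original post: a share section of the kind the message asks about, read-only by default and limited to Active Directory groups, to go below the [global] section shown above. The share name, path and the two group names are hypothetical, and it assumes AD users and groups resolve on the server (for example that `getent group` lists them, which usually means winbind is listed for passwd and group in /etc/nsswitch.conf).

```ini
# Added example for /usr/local/etc/smb.conf (hypothetical names throughout).
# Group names are written without the ABC\ prefix because [global] in the
# post sets "winbind use default domain = yes".
[projects]
comment = Project files for AD users
# Hypothetical path; the directory's Unix owner, group and mode (or ACLs)
# must also allow the mapped uid/gid range 10000-20000 to read and write.
path = /data/projects

# No anonymous access: every connection must authenticate against AD.
guest ok = no

# Only members of these two AD groups may connect to the share at all.
valid users = @"projects-ro", @"projects-rw"

# Least privilege: the share is read-only unless the user is in the
# write list, so membership of projects-ro never grants write access.
read only = yes
write list = @"projects-rw"

# New files and directories are not world-accessible on the FreeBSD side.
create mask = 0660
directory mask = 0770

# New files and directories take their mode from the parent directory,
# so permissions set on the share root carry down the tree.
inherit permissions = yes

# Keep the share visible in browse lists; set to "no" to hide it.
browseable = yes
```

After editing, `testparm` checks the file for syntax errors before smbd is restarted.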