[Samba] Help with samba in AD environment

Phusion phusion2k at gmail.com
Wed Feb 3 08:27:40 MST 2010


I need some help in configuring samba on a FreeBSD 8.0 server. I've
used the following as a base. My goal is to have a samba share where I
can set permissions for Active Directory users. I don't care about
SSHing into the server using Active Directory account information.

http://forums.freebsd.org/showthread.php?p=64144&#post64144
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member

I installed the samba 3.3 port (3.3.9) and only had the following
options enabled: LDAP, ADS, WINBIND, ACL_SUPPORT, SYSLOG and POPT.

# vi /usr/local/etc/smb.conf
  [global]
  workgroup = ABC
  netbios name = server
  server string =
  realm = ABC.LOCAL
  security = ADS
  password server = pdc.Abc.local
  idmap gid = 10000-20000
  idmap uid = 10000-20000
  winbind refresh tickets = yes
  winbind use default domain = yes
# vi /etc/krb5.conf
  [libdefaults]
  default_realm = ABC.LOCAL
  [domain_realm]
  .Abc.local = ABC.LOCAL
  [realms]
  ABC.LOCAL = {
  kdc = pdc.Abc.local
  }
  [logging]
  kdc = FILE:/var/heimdal/kdc.log
# vi /etc/rc.conf.local
  samba_enable="YES"
  winbindd_enable="YES"
# /usr/local/etc/rc.d/samba start
Removing stale Samba tdb files:  done
Starting nmbd.
Starting smbd.
Starting winbindd.
# /usr/local/bin/net ads join -U Administrator -S pdc.Abc.local
Enter Administrator's password:
Using short domain name -- ABC
Joined 'SERVER' to realm 'Abc.local'
Checked and the computer shows up in the Active Directory computers.
# kinit Administrator@ABC.LOCAL
Administrator@ABC.LOCAL's Password:

After doing a reboot the following commands both worked: wbinfo -u,
wbinfo -g. Here are the messages I see in the log file.

Feb  2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26,  0] winbindd/idmap.c:smb_register_idmap_alloc(201)
Feb  2 16:33:26 server winbindd[812]:   idmap_alloc module ldap already registered!
Feb  2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26,  0] winbindd/idmap.c:smb_register_idmap_alloc(201)
Feb  2 16:33:26 server winbindd[812]:   idmap_alloc module tdb already registered!
Feb  2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26,  0] winbindd/idmap.c:smb_register_idmap(149)
Feb  2 16:33:26 server winbindd[812]:   Idmap module passdb already registered!
Feb  2 16:33:26 server winbindd[812]: [2010/02/02 16:33:26,  0] winbindd/idmap.c:smb_register_idmap(149)
Feb  2 16:33:26 server winbindd[812]:   Idmap module nss already registered!

Do I need to modify /etc/nsswitch.conf or just /usr/local/etc/smb.conf
since I'm only concerned with samba share permissions? Also, can
someone show me an example of what to put in smb.conf for a share? Let
me know. Thanks.

Phusion
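
A share section of the kind the post asks for, as an added example that is not part of the original message and not from the Samba project. The share name, path and the two AD group names are hypothetical, and it assumes the [global] settings shown in the post.

```ini
# Added example: a share section to append to /usr/local/etc/smb.conf.
# Hypothetical values (not from the post): the share name "projects",
# the path /data/projects, and the AD groups "fileshare-users" and
# "fileshare-writers".
#
# Assumption: smbd can map AD accounts to Unix IDs through NSS, which the
# Winbind chapter of the Samba HOWTO sets up in /etc/nsswitch.conf with
#   passwd: files winbind
#   group:  files winbind

[projects]
    comment = Share restricted to Active Directory groups
    path = /data/projects
    browseable = yes

    # Only members of this AD group may connect. The post sets
    # "winbind use default domain = yes", so the ABC\ prefix is omitted.
    valid users = @fileshare-users

    # Least privilege: read-only for everyone who can connect,
    # write access only for the narrower group.
    read only = yes
    write list = @fileshare-writers

    # No anonymous or guest sessions on this share.
    guest ok = no

    # Expose permissions to Windows clients (Security tab) and make new
    # files inherit the parent directory's ACL. Relies on the port's
    # ACL_SUPPORT option and on ACLs being enabled on the filesystem
    # that holds the path (assumption).
    nt acl support = yes
    inherit acls = yes
    inherit permissions = yes
```

Running `testparm -s` after editing reports syntax errors and unknown parameters before the daemons are restarted.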