[Samba] help with AD integration

Ben George bentech4you at gmail.com
Thu Sep 30 06:17:45 MDT 2010


Hi

My name is Ben.T.George.

I followed this tutorial:
http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf


My current status is: I successfully joined the AD.


bash-3.00# ./net ads join -U administrator
Enter administrator's password:
Using short domain name -- SRE
Joined 'SUN1' to realm 'sre.com'

And wbinfo shows the users and groups from the AD:

bash-3.00# ./wbinfo -u
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana

bash-3.00# ./wbinfo -g
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy

Then I checked the AD; Sun1 is listed under the computer tab.

That means my connection side is a success, right?

This is my smb.conf file:

# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û^H)
# Date: 2010/09/29 17:37:34

[global]
        workgroup = SRE
        realm = SRE.COM
        security = ADS
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        winbind use default domain = Yes

[user1]
        path = /export/home/user1
        valid users = user1, ramana, teju

[ramana]
        path = /export/home/ramana
        valid users = ramana, teju

[teju]
        path = /export/home/teju
        valid users = teju

[ben]
        path = /export/home/ben
        valid users = ben
[user1]
        path = /export/home/user1
        valid users = ben, user1, ramana, teju


And the Kerberos file, krb5.conf:


[libdefaults]
        dns_lookup_realm = false
        default_realm = SRE.COM
        ticket_lifetime = 600
        kdc_req_checksum_type = 2
        checksum_type = 2
        ccache_type = 1

#[kdc]
#        profile = /krb5/var/krb5kdc/kdc.conf


[logging]
        default = FILE:/usr/local/var/log/kdc.log
        kdc = FILE:/usr/local/var/log/kdc.log
        admin_server = FILE:/usr/local/var/log/adm.log

[realms]
        SRE.COM = {
                kdc = srec.sre.com:88
                admin_server = srec.sre.com:749
#                default_domain = SRE.COM
        }

[domain_realm]
        .sre.com = SRE.COM
        sre.com = SRE.COM

[login]
    krb4_convert = 0


My need is this: suppose ben is a user common to Unix and Windows.
When I log in as ben on a Windows machine, I want to access the shared
folder for ben on Unix (without giving the password for ben).

Another thing is that when we change the password or username in Active
Directory, it also affects the same user on Unix.

That means, suppose I change the user ben to ben1, and the password: the
changes must be written to the /etc/passwd and shadow files.

Is there any way to do this? I am a beginner at this, so please give me good
advice.


Thanks
Ben.T.George
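
Added example, not part of the original post: the smb.conf above defines [user1] twice with different "valid users" lists, and this Python check reports any share section that is repeated with a differing user list. The function names are hypothetical, the embedded text is an excerpt of the posted file, and user lists are split on commas and whitespace only (an assumption; quoted names containing spaces are not handled).

```python
import re
from collections import defaultdict

# Share sections excerpted from the smb.conf in the post above.
SMB_CONF = """\
[user1]
        path = /export/home/user1
        valid users = user1, ramana, teju

[ben]
        path = /export/home/ben
        valid users = ben
[user1]
        path = /export/home/user1
        valid users = ben, user1, ramana, teju
"""

def norm(name):  # parameter names compare without case or embedded spaces
    return "".join(name.split()).lower()

def parse_sections(text):
    """Return {section: [(line_no, {param: value}), ...]}, keeping repeats."""
    sections, current = defaultdict(list), None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = {}
            sections[header.group(1).strip().lower()].append((no, current))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def conflicting_acls(text, param="valid users"):
    """Report shares defined more than once whose user lists differ."""
    findings = []
    for name, defs in parse_sections(text).items():
        users = [set(filter(None, re.split(r"[\s,]+", d.get(norm(param), "").lower())))
                 for _, d in defs]
        if name != "global" and len(defs) > 1 and any(u != users[0] for u in users):
            differing = sorted(set.union(*users) - set.intersection(*users))
            findings.append((name, [no for no, _ in defs], differing))
    return findings

if __name__ == "__main__":
    for name, lines, users in conflicting_acls(SMB_CONF):
        print(f"[{name}] defined at lines {lines}; not in every definition: {users}")
```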

