[Samba] help with AD integration
Ben George
bentech4you at gmail.com
Thu Sep 30 06:17:45 MDT 2010
HI
My name is Ben.T.George.
i followed http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf this
tutorial
my current status is .i successfully joined to the AD
*bash-3.00# ./net ads join -U administrator
Enter administrator's password:
Using short domain name -- SRE
Joined 'SUN1' to realm 'sre.com'*
and Wbinfo shows the users and groups from the AD
*bash-3.00# ./wbinfo -u
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana*
*bash-3.00# ./wbinfo -g
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy*
then i checked the AD,the Sun1 is listed under the computer tab.
That means my connection side is success na..?
this is my smb.conf file
*# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û^H)
# Date: 2010/09/29 17:37:34
[global]
workgroup = SRE
realm = SRE.COM <http://sre.com/>
security = ADS
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind use default domain = Yes
[user1]
path = /export/home/user1
valid users = user1, ramana, teju
[ramana]
path = /export/home/ramana
valid users = ramana, teju
[teju]
path = /export/home/teju
valid users = teju
[ben]
path = /export/home/ben
valid users = ben
[user1]
path = /export/home/user1
valid users = ben, user1, ramana, teju*
And Kerberos file: krb5.conf
*[libdefaults]
dns_lookup_realm = false
default_realm = SRE.COM <http://sre.com/>
ticket_lifetime = 600
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
#[kdc]
# profile = /krb5/var/krb5kdc/kdc.conf
[logging]
default = FILE:/usr/local/var/log/kdc.log
kdc = FILE:/usr/local/var/log/kdc.log
admin_server = FILE:/usr/local/var/log/adm.log
[realms]
SRE.COM <http://sre.com/> = {
kdc = srec.sre.com:88
admin_server = srec.sre.com:749
# default_domain = SRE.COM <http://sre.com/>
}
[domain_realm]
.sre.com = SRE.COM <http://sre.com/>
sre.com = SRE.COM <http://sre.com/>
[login]
krb4_convert = 0*
my need is,suppose ben is a user common to unix and windows..
when i login as ben through a windows machine,want to access the shared
folder for ben in Unix.(without giving password for ben)
another thing is when we change the password or username in Active
Directory,it also affect the same user in the unix
that means suppose i changes the user ben to ben1,and password...the changes
must be written in the /etc/passwd and shadow file..
is there any way to do this..i a beginner to this.so please give me good
advice
Thanks
Ben.T.George
More information about the samba
mailing list