[Samba] Samba with NIS and AD 2008

Crombach, Leo B CrombachLB at Corning.com
Mon Aug 29 08:20:57 MDT 2011


List Gurus,

I've been using Samba successfully for several years in a mixed
environment with Sun workstations and servers, Windows servers and PCs,
and Linux.  The Sun systems all communicate and share user information
via NIS.  I use NFS to mount home directories and many other shares.  In
order to allow the PC clients to access the data on the Sun systems, I
set up a RedHat 9 box with Samba.  The original version was 2.2.7.  I
upgraded this a year or two ago to 3.0.1-2.  This system was configured
as a member server in an NT domain with Active Directory.  I had it
working so that Samba authenticated against the NT domain to allow
access to the Samba shares.  The Linux box was basically a gateway or
bridge between the PC world and the UNIX world.  When connecting to a
Samba share, the system would correctly NFS mount the requested resource
and map it back to the PC.  All was good for several years.

Now, we are upgrading the Windows backend to Windows/Active Directory
2008.  When our IT group promoted the new domain controllers and demoted
the old ones, Samba broke.  Couldn't join the domain and could not share
resources.  We even reversed the Windows environment but still couldn't
get back to the previous state.

I'm now running OpenSuse 11.4 with Samba 3.5.7.  I have successfully
joined the domain and can enable shares.  The only problem now is
authentication.  I have to create users in smbpasswd in order to connect
to any shares.  Didn't have to do this before.  And users get prompted
for username and password.  Didn't have to do this before either.

I would like mapping drives to be transparent just as they are with a
Windows server.

Here is the Global portion of my current smb.conf file:

[global]
        workgroup = NA
        realm = NA.MYCOMPANY.COM
        server string = forge
        security = ADS
        map to guest = Bad User
        passdb backend = smbpasswd
        username map = /packages/smbmap/smbnames
        unix password sync = Yes
        client NTLMv2 auth = Yes
        log level = 3
        log file = /var/log/samba/%m.log
        max log size = 0
        printcap name = cups
        domain master = No
        wins server = 10.180.32.4
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind trusted domains only = Yes
        winbind refresh tickets = Yes
        cups options = raw

How can I get Samba to authenticate with AD (2008) and NIS seamlessly?

Thanks

