[Samba] Integrate Samba with Active Directory

Dale Schroeder dale at BriannasSaladDressing.com
Wed Jul 20 11:53:21 MDT 2011 

On 07/19/2011 4:49 PM, Bruno Martins wrote:
> On Tue, 2011-07-19 at 13:11 -0500, Dale Schroeder wrote:
>> On 07/19/2011 10:05 AM, Bruno Martins - GALILEU LISBOA wrote:
>>> Hello guys,
>>>
>>>
>>>
>>> I am setting up a Samba server (based on CentOS 5.6) on my company which
>>> will act as a print and file server. Also, it has dropbox installed.
>>>
>>>
>>>
>>> I have set up everything regarding to CUPS and Samba itself, but I'm not
>>> being able to integrate my shares with Active Directory.
>>>
>>>
>>>
>>> All I want is that access control to Samba shares is made through Active
>>> Directory users and their respective passwords, and not through
>>> Unix-style users and groups. Is this possible?
>>>
>>>
>>>
>>> Some configuration files:
>>>
>>> /etc/nsswitch.conf - http://pastebin.com/rPgXSL6G
>> Bruno,
>>
>> To start, change this:
>>          passwd: files ldap
>>          shadow:     files winbind
>>          group:      files winbind
>> To this:
>>
>>      passwd: files winbind ldap  (Are you using ldap for anything?)
>>      shadow: files
>>      group: files winbind
>>
>> kinit Administrator at GALILEU-F.GALILEU.PT
>> This should return nothing after entering the password.
>>
>> Is the join OK? net ads testjoin
>>
>> Try wbinfo -u and wbinfo -g to see if you get AD users and groups.
>>
>> If using PAM, is it configured for winbind?
>> http://www.enterprisenetworkingplanet.com/netsysm/article.php/3502441/Join-Linux-to-Active-Directory-With-Winbind.htm
>>
>> Dale
>>
>>> /etc/samba/smb.conf - http://pastebin.com/9uffAyjV
>>>
>>> /etc/krb5.conf - http://pastebin.com/9zJFQR6J
>>>
>>>
>>>
>>> Can someone please give me some lights on this?
>>>
>>>
>>>
>>> If you need more information, just tell me. ;-)
>>>
>>>
>>>
>>> Thanks for your cooperation.
>>>
>>>
>>>
>>> Best regards,
>>>
>>>
>>>
>>> Bruno Martins
>>>
> Hello Dale,
>
> Files have been corrected.
>
> How do you make 'net ads testjoin' as a certain user?
I believe you have to do this as root.
>
> I did this, to see if it helps you:
> http://paste2.org/p/1529126
>
> By the way, also take a look at kinit's result:
> http://paste2.org/p/1529128
That looks OK.

Do you get a listing of your AD users and groups with "wbinfo -u" and 
"wbinfo -g"?

As others have suggested, consider upgrading to a newer version.

For completeness, verify that the times are in sync between the samba 
server and the DC.

Dale
>
> I don't know if I'm using, but I'll take a look into that article as
> well.
>
> Thanks for your cooperation on this.
>
> Best regards,
>
> Bruno Martins
> .
>

More information about the samba mailing list