[Samba] AD authentication against a service name not part of AD.

Wes Reneau awreneau at gmail.com
Mon Oct 17 15:08:27 MDT 2011


I have a 3-node VCS cluster whose nodes all run the same smb.conf file, but
they are all separate instances.  Samba is not a part of the VCS cluster. I've
joined the boxes to AD and, based on AD groups, can successfully access the
desired shares only if you reference the server name and not the service name.
The server name is server1.mydomain.com; the service name is
serviceA.somedomain.net.

The service name is simply a DNS zone, so no trusts exist.  I've pondered the
idea of having Samba reference the interface where the service lives, but in
the event the service is moved from server1 to server2, will that crash smb?

Ultimately I want to access the service name to gain access to the shares, as
the server name is going to be unreliable.  I've copied my smb.conf file
below and edited it to reflect the names I've used in the first paragraph.

[global]
>         workgroup = mydomain
>         realm = mydomain.com
>         server string = %h server (Samba %v)
>         security = ADS
>         allow trusted domains = No
>         password server = auth.mydomain.com
>         log level = 3
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         name resolve order = host wins bcast
>         time server = Yes
>         printcap name = cups
>         wins support = Yes
>         idmap uid = 16777217-33554431
>         idmap gid = 16777217-33554431
>         template shell = /bin/bash
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         cups options = raw
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         printable = Yes
>         browseable = No
>
> [unixshare]
>         comment = UNIX Share
>         path = /tmp/UNIX_share
>         valid users = @"mydomain\UNIX System Administrators"
>         read only = No
>         browseable = No
>


> [reports]
>         comment = Report repository
>         path = /reports
>         guest ok = Yes
>         writeable = yes
>
> [verify]
>         path = /verify
>         guest ok = Yes
>         writeable = yes
>
>
When trying to access \\serviceA.somedomain.net\reports I get the error that
reads:

"No process is on the other end of the pipe"

However, if I try to access \\server1.mydomain.com\reports it works fine.


I would appreciate any help.
Wes

