[Samba] Fwd: W2k8r2 and samba 3 integration

paul harford harfordmeister at gmail.com
Wed Dec 4 05:50:55 MST 2013


On Wed, 2013-12-04 at 11:04 +0000, paul harford wrote:
> Hi Steve
> Yes the NAS is joined to the domain. When I do wbinfo -u and -g all
> looks good; when I do getent passwd I can see all the users and the
> same for groups.
>
>
> I didn't stick up the share config but it's listed below
>
>
> [tshare]
>
>         valid users = @"Domain removed\domain admins",@"Domain removed\domain users"
>
>         path = /testpool/tshare
>
>         write list = @"Domain removed\domain admins",@"Domain removed\domain users"
>
>
> This was just a test share but basically there will be user share on
> the NAS and we want to restrict the share to certain users and groups
> etc
>
>
> Haven't heard of the keytab before, can you explain?
>

>
> Thanks for the response, it's appreciated
>
>
> Paul

Hi
Phew. AD, Kerberos and keytabs would need a whole book to describe but
basically, with Kerberos, not only does the user have to prove himself,
but also the machine on which he is working has to too. Hence the keytab
which must contain the machine key. This can be produced when the
machine is joined to the domain or, if you forgot, afterwards as
outlined below.

Add to smb.conf:
kerberos method = system keytab

Now issue:
net ads keytab create -UAdministrator
and enter the Windows Administrator password.

That should get us to the next stage or give errors which will help us
further.

Meanwhile, what does
/etc/krb5.conf
look like?

Cheers,
Steve
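
A quick check of the setup described in the reply above, as an added example that is not part of the original thread: it confirms that smb.conf selects a keytab-based kerberos method and that the keytab holding the machine key is not readable by group or other. The function names, the [global] placement and the default path /etc/krb5.keytab are assumptions; the sample files are constructed.

```sh
#!/bin/sh
# Added example; assumes "kerberos method" is in [global] and the keytab path below.

# Print the "kerberos method" value from the [global] section of smb.conf.
kerberos_method() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)             # names ignore case and spaces
            if (name == "kerberosmethod") {     # keep the last assignment seen
                val = tolower(substr($0, index($0, "=") + 1))
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            }
        }
        END { print val }
    ' "$1"
}

# Succeed only if the keytab is non-empty and closed to group and other.
keytab_is_private() {
    [ -s "$1" ] || return 1
    perms=$(ls -ldn -- "$1" | cut -c5-10)       # group + other mode bits
    [ "$perms" = "------" ]
}

# check_keytab_setup SMB_CONF [KEYTAB]: 0 = ok, 1 = method, 2 = keytab file.
check_keytab_setup() {
    conf=$1; keytab=${2:-/etc/krb5.keytab}
    method=$(kerberos_method "$conf")
    case $method in
        "system keytab"|"secrets and keytab") ;;   # both read the system keytab
        *) echo "FAIL: kerberos method is '${method:-unset}'"; return 1 ;;
    esac
    keytab_is_private "$keytab" ||
        { echo "FAIL: $keytab missing, empty or open to group/other"; return 2; }
    echo "OK: kerberos method = $method, $keytab is private"
}

# Constructed sample files so the check runs offline.
demo=$(mktemp -d)
printf '[global]\n  security = ads\n  Kerberos Method = system keytab\n' > "$demo/smb.conf"
printf 'placeholder' > "$demo/krb5.keytab"; chmod 600 "$demo/krb5.keytab"
check_keytab_setup "$demo/smb.conf" "$demo/krb5.keytab"
chmod 644 "$demo/krb5.keytab"                   # simulate a world-readable keytab
check_keytab_setup "$demo/smb.conf" "$demo/krb5.keytab" || true
rm -rf "$demo"
```

On a real server, run check_keytab_setup against the live smb.conf as root after net ads keytab create has completed.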

