[Samba] W2k8r2 and samba 3 integration

paul harford harfordmeister at gmail.com
Wed Dec 4 06:44:50 MST 2013


Hi Steve,
I've just noticed that, after making the changes you mentioned, getent passwd
doesn't return the list of domain users now, and neither does getent groups.

wbinfo -u and -g both still return the list of domain users and groups.

Paul


On 4 December 2013 11:14, steve <steve at steve-ss.com> wrote:

> On Wed, 2013-12-04 at 11:04 +0000, paul harford wrote:
> > Hi Steve
> > Yes, the NAS is joined to the domain. When I do wbinfo -u and -g all
> > looks good; when I do getent passwd I can see all the users and the
> > same for groups.
> >
> >
> > I didn't stick up the share config but it's listed below
> >
> >
> > [tshare]
> >
> >         valid users = @"Domain removed\domain admins",@"Domain removed\domain users"
> >
> >         path = /testpool/tshare
> >
> >         write list = @"Domain removed\domain admins",@"Domain removed\domain users"
> >
> >
> > This was just a test share but basically there will be user share on
> > the NAS and we want to restrict the share to certain users and groups
> > etc
> >
> >
> > Haven't heard of the keytab before, can you explain?
> >
>
> >
> > Thanks for the response, it's appreciated
> >
> >
> > Paul
>
> Hi
> Phew. AD, kerberos and keytabs would need a whole book to describe but
> basically, with kerberos, not only does the user have to prove himself,
> but also the machine on which he is working has to too. Hence the keytab
> which must contain the machine key. This can be produced when the
> machine is joined to the domain or, if you forgot, afterwards as
> outlined below.
>
> Add to smb.conf:
> kerberos method = system keytab
>
> now issue:
> net ads keytab create -UAdministrator
> and enter the Windows Administrator password
>
> That should get us to the next stage or give errors which will help us
> further.
>
> Meanwhile, what does
> /etc/krb5.conf
> look like?
>
> Cheers,
> Steve
>
>
>
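
A check for the keytab setup described in the quoted reply, as an added example that is not part of the original thread: it reads `kerberos method` from `[global]` and verifies that the keytab holding the machine key exists and is not readable by group or other. It goes beyond the thread by accepting the other keytab-using values of `kerberos method`; the function names are hypothetical and the keytab path is supplied by the caller, since the thread does not name one.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments; nothing is hard-coded.

# Print the "kerberos method" value from the [global] section of an smb.conf.
kerberos_method() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                        sect = tolower(s); next }    # section header
        sect == "global" {
            i = index($0, "="); if (i == 0) next
            k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
            v = tolower(substr($0, i + 1)); gsub(/[ \t]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v)
            if (k == "kerberosmethod") val = v       # last setting wins
        }
        END { print val }
    ' "$1"
}

# Print a verdict and return 0 only if smb.conf selects a keytab method and the
# keytab exists, is non-empty, and grants nothing to group or other.
audit_keytab() {
    conf=$1; keytab=$2
    case $(kerberos_method "$conf") in
        "system keytab"|"dedicated keytab"|"secrets and keytab") ;;
        *) echo "no-keytab-method"; return 1 ;;
    esac
    [ -s "$keytab" ] || { echo "keytab-missing"; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -ld "$keytab" | cut -c5-10)" = "------" ]; then
        echo "ok"
    else
        echo "keytab-too-open"; return 1
    fi
}

# Constructed sample input: a minimal smb.conf and a placeholder keytab file.
demo=$(mktemp -d)
printf '[global]\n\tsecurity = ads\n\tkerberos method = system keytab\n' > "$demo/smb.conf"
printf 'placeholder' > "$demo/krb5.keytab"
chmod 600 "$demo/krb5.keytab"
audit_keytab "$demo/smb.conf" "$demo/krb5.keytab"
```
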

