[Samba] W2k8r2 and samba 3 integration
paul harford
harfordmeister at gmail.com
Wed Dec 4 07:24:38 MST 2013
Thanks L.P.H i'll have a look at those
On 4 December 2013 14:07, L.P.H. van Belle <belle at bazuin.nl> wrote:
> for good info about this look here.
>
> http://www.danbishop.org/2012/06/02/ubuntu-12-04-ultimate-server-guide/
> and here
>
> http://blog.scottlowe.org/2007/07/09/linux-ad-integration-with-windows-server-2008/
>
> these where very usefull for me.
>
>
> Louis
>
>
>
> >-----Oorspronkelijk bericht-----
> >Van: harfordmeister at gmail.com
> >[mailto:samba-bounces at lists.samba.org] Namens paul harford
> >Verzonden: woensdag 4 december 2013 14:45
> >Aan: steve; samba at lists.samba.org
> >Onderwerp: Re: [Samba] W2k8r2 and samba 3 integration
> >
> >Hi Steve
> >i've just noticed after making the changes you mentioned the
> >getent passwd
> >doesn't return the list of domain users now neither does getent groups
> >
> >wbinfo - u and -g booth still return the list of domain users
> >and groups
> >
> >Paul
> >
> >
> >On 4 December 2013 11:14, steve <steve at steve-ss.com> wrote:
> >
> >> On Wed, 2013-12-04 at 11:04 +0000, paul harford wrote:
> >> > Hi Steve
> >> > Yes the nas is joined to the domain. When i do wbinfo -u and -g all
> >> > looks good when i do getent passwd i can see all the users and the
> >> > same for groups.
> >> >
> >> >
> >> > i didn't stick up the share config but its listed below
> >> >
> >> >
> >> > [tshare]
> >> >
> >> > valid users = @"Domain removed\domain
> >admins",@"Domain removed
> >> > \domain users"
> >> >
> >> > path = /testpool/tshare
> >> >
> >> > write list = @"Domain removed\domain
> >admins",@"Domain removed
> >> > \domain users"
> >> >
> >> >
> >> > This was just a test share but basically there will be
> >user share on
> >> > the NAS and we want to restrict the share to certain users
> >and groups
> >> > etc
> >> >
> >> >
> >> > haven't heard of the keytab before can you explain ?
> >> >
> >>
> >> >
> >> > Thanks for the response its appreciated
> >> >
> >> >
> >> > Paul
> >>
> >> Hi
> >> Phew. AD, kerberos and keytabs would need a whole book to
> >describe but
> >> basically, with kerberos, not only does the user have to
> >prove himself,
> >> but also the machine on which he is working has to too.
> >Hence the keytab
> >> which must contain the machine key. This can be produced when the
> >> machine is joined to the domain or, if you forgot, afterwards as
> >> outlined below.
> >>
> >> Add to smb.conf:
> >> kerberos method = system keytab
> >>
> >> now issue:
> >> net ads keytab create -UAdministrator
> >> and enter the windows Administrator password
> >>
> >> That should get us to the next stage or give errors which
> >will help us
> >> further.
> >>
> >> Meanwhile, what does
> >> /etc/krb5.conf
> >> look like?
> >>
> >> Cheers,
> >> Steve
> >>
> >>
> >>
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list