[Samba] Multiple samba servers with AD integration

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 2 07:33:54 MST 2014 

On 02/12/14 13:36, Dennis Zheleznyak wrote:
> Hi all,
>
> I have a CentOS 6.6 machine with samba 3.6.23-12 that is joined to a
> Windows active directory domain.
>
> My goal is to configure multiple samba servers on the CentOS machine that
> will authenticate using domain controller of the active directory.
>
> DC = 1.1.1.1
> CentOS 6.6 = 1.1.1.2
>
> This is my smb.conf:
> [global]
>          netbios aliases = development sales
>          include = /etc/samba/smb.conf.%L
> workgroup = TEST
> server string = Samba Server Version %v
> security = ads
> realm = TEST.COM
> domain master = no
> local master = no
> preferred master = no
>          socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072
> SO_SNDBUF=131072
>          use sendfile = true
>
> idmap config * : backend = tdb
> idmap config * : range = 100000-299999
> idmap config TEST : backend = rid
> idmap config TEST : range = 10000-99999
>   winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind nested groups = yes
> winbind refresh tickets = yes
> template homedir = /home/%D/%U
> template shell = /bin/bash
>   client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> restrict anonymous = 2
>   log file = /var/log/samba/log.%m
> max log size = 50
>
> I've created additional two smb.conf.development and smb.conf.sales files
> with the same content except the two first lines and added a share
> definition(changed the names of the share and path) to both accordingly:
>
> [XYZXYZYXYZX]
> comment = Test share
> path = /samba/XYZXYZYXYZX
> read only = no
> valid users = @"TEST+Domain Users"
> force group = "Domain Users"
> directory mode = 0770
> force directory mode = 0770
> create mode = 0660
> force create mode = 0660
> # Hide share from users who don't have access
> access based share enum = yes
> # Hide files/directories if user doesn't have read access
> hide unreadable = yes
>
> However, when I try access the server using Windows :
> \\sales
> I cannot get passed the authentication windows.. Tried both local and
> active directory users and nothing works. It only works if I configure the
> share on the main smb.conf.
>
> Please help :)
>
> Thank you,
> Dennis.

I think I understand what you are trying to do, you have an initial 
smb.conf which calls 2 other nearly identical smb.conf's and you want to 
run three different samba servers on the same machine.  I don't think 
this is going to work, I am fairly sure you can only run once instance 
of samba on a machine. What you can do, is run one smb.conf that can 
include another conf file, this extra conf file usually contains shares.

If you want to run multiple samba instances on one machine, then I 
suggest you investigate VM's, one instance of samba per VM.

Also I suggest that you remove the 'socket options' line, you are 
probably making things worse by having this.

Rowland

More information about the samba mailing list