[Samba] Multiple samba servers with AD integration
Dennis Zheleznyak
dennis at eshkol.com.co
Tue Dec 2 07:50:48 MST 2014
Hi Penny,
Thank you for your quick and informative response !! I really appreciate it
!
I think I may have found a solution to this issue:
By editing a propery named servicePrincipalName using ADSI Editor on the
Windows side, I'm not able to access all the virtual servers I configured
on the Linux side successfully.
Let me know what do you think about it :)
Thank you,
Dennis.
On Tue, Dec 2, 2014 at 4:33 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> On 02/12/14 13:36, Dennis Zheleznyak wrote:
>
>> Hi all,
>>
>> I have a CentOS 6.6 machine with samba 3.6.23-12 that is joined to a
>> Windows active directory domain.
>>
>> My goal is to configure multiple samba servers on the CentOS machine that
>> will authenticate using domain controller of the active directory.
>>
>> DC = 1.1.1.1
>> CentOS 6.6 = 1.1.1.2
>>
>> This is my smb.conf:
>> [global]
>> netbios aliases = development sales
>> include = /etc/samba/smb.conf.%L
>> workgroup = TEST
>> server string = Samba Server Version %v
>> security = ads
>> realm = TEST.COM
>> domain master = no
>> local master = no
>> preferred master = no
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072
>> SO_SNDBUF=131072
>> use sendfile = true
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 100000-299999
>> idmap config TEST : backend = rid
>> idmap config TEST : range = 10000-99999
>> winbind separator = +
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind use default domain = yes
>> winbind nested groups = yes
>> winbind refresh tickets = yes
>> template homedir = /home/%D/%U
>> template shell = /bin/bash
>> client use spnego = yes
>> client ntlmv2 auth = yes
>> encrypt passwords = yes
>> restrict anonymous = 2
>> log file = /var/log/samba/log.%m
>> max log size = 50
>>
>> I've created additional two smb.conf.development and smb.conf.sales files
>> with the same content except the two first lines and added a share
>> definition(changed the names of the share and path) to both accordingly:
>>
>> [XYZXYZYXYZX]
>> comment = Test share
>> path = /samba/XYZXYZYXYZX
>> read only = no
>> valid users = @"TEST+Domain Users"
>> force group = "Domain Users"
>> directory mode = 0770
>> force directory mode = 0770
>> create mode = 0660
>> force create mode = 0660
>> # Hide share from users who don't have access
>> access based share enum = yes
>> # Hide files/directories if user doesn't have read access
>> hide unreadable = yes
>>
>> However, when I try access the server using Windows :
>> \\sales
>> I cannot get passed the authentication windows.. Tried both local and
>> active directory users and nothing works. It only works if I configure the
>> share on the main smb.conf.
>>
>> Please help :)
>>
>> Thank you,
>> Dennis.
>>
>
> I think I understand what you are trying to do, you have an initial
> smb.conf which calls 2 other nearly identical smb.conf's and you want to
> run three different samba servers on the same machine. I don't think this
> is going to work, I am fairly sure you can only run once instance of samba
> on a machine. What you can do, is run one smb.conf that can include another
> conf file, this extra conf file usually contains shares.
>
> If you want to run multiple samba instances on one machine, then I suggest
> you investigate VM's, one instance of samba per VM.
>
> Also I suggest that you remove the 'socket options' line, you are probably
> making things worse by having this.
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list