[Samba] Configuration of smb.conf for Active Directory authentication

Kyle Manel Kyle.Manel at inbaytech.com
Fri Aug 26 15:11:25 UTC 2016

I've completed the configuration specified, and the command 'wbinfo -g' provides a list of the groups available and 'wbinfo -u' provides a list of all the users on the system, but I cannot access the shares. When I navigate a file explorer to \\ip.ad.dre.ss, I am presented with a login screen, which I cannot log into with my ID: 'The user name or password is incorrect'.

I suspect an issue with my idmap configuration:

        netbios name = FILESERVER-001
        security = ADS
        workgroup = SUBDOMAIN
        realm = SUBDOMAIN.DOMAIN.COM

        log file = /var/log/samba/%m.log
        log level = 1

        idmap config    CORP:   backend =       ad
        idmap config    CORP:   schema_mode =   rfc2307
        idmap config    CORP:   range =         1000-9999999999
        idmap uid =                             50-9999999999
        idmap gid =                             50-9999999999
        winbind nss info =                      rfc2307

       allow dns updates = nonsecure

        path = /srv/samba/share
        available =                             yes
        read only =                             no
        browsable =                             yes
        public =                                yes
        guest ok =                              yes
        writable =                              yes


-----Original Message-----
From: Michael A Weber [mailto:mweber.subscriptions01 at gmail.com] 
Sent: Wednesday, August 24, 2016 5:21 PM
To: Kyle Manel <Kyle.Manel at inbaytech.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Configuration of smb.conf for Active Directory authentication


Keep it simple and follow the guide you linked, and Rowland’s rid recommendation, and you’ll be set.


> On Aug 24, 2016, at 3:04 PM, Kyle Manel via samba <samba at lists.samba.org> wrote:
> I've been working through a guide documenting how to do this at https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member and am presently deciphering what needs I have in my winbind configuration.
> In doing so, I've come across the 'passdb backend = ldapsam' option and am curious if I can use this, and if it is wise, identifying that key exchange is complex and a vulnerability at times, but it does provide no local storage of pw either, which may be a greater vulnerability.
> Any insight into this, or if this passdb option even works as I 
> believe it to would be valuable to me, Kyle
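
Added example, not part of the thread and not Samba project code: a small lint for the idmap settings of a domain-member smb.conf, run over a constructed copy of the idmap lines posted above. The `[global]` header and the names `parse_global` and `check_idmap` are assumptions; the rules checked are that each `idmap config` domain other than `*` should be the `workgroup` name, that `idmap uid`/`idmap gid` are deprecated in favour of `idmap config * : range`, and that ID ranges must not overlap.

```python
import re

# Constructed sample: the idmap-related lines from the post, under an assumed [global] header.
SAMPLE = """\
[global]
    workgroup = SUBDOMAIN
    idmap config    CORP:   backend =       ad
    idmap config    CORP:   schema_mode =   rfc2307
    idmap config    CORP:   range =         1000-9999999999
    idmap uid =                             50-9999999999
    idmap gid =                             50-9999999999
"""

IDMAP_KEY = re.compile(r"idmap config (\S+?) ?: ?(\S+)$")

def parse_global(text):
    """Return {parameter: value} for [global]; keys lower-cased, whitespace collapsed."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(params):
    """Return a list of findings about the idmap settings in parsed [global] parameters."""
    findings, ranges = [], {}
    workgroup = params.get("workgroup", "").upper()
    for key, value in params.items():
        m = IDMAP_KEY.match(key)
        if m and m.group(2) == "range":
            ranges[m.group(1).upper()] = tuple(int(n) for n in value.split("-"))
        elif key in ("idmap uid", "idmap gid"):
            # Deprecated spelling of the default range; treated here as the '*' range.
            findings.append(f"'{key}' is deprecated; use 'idmap config * : range'")
            ranges.setdefault("*", tuple(int(n) for n in value.split("-")))
    names = sorted(ranges)
    for i, a in enumerate(names):
        if a not in ("*", workgroup):
            findings.append(f"idmap domain {a} does not match workgroup {workgroup}")
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"ID ranges of {a} and {b} overlap")
    return findings
```

Calling `check_idmap(parse_global(SAMPLE))` reports the CORP/SUBDOMAIN mismatch, the two deprecated parameters, and the overlap between the default range and the CORP range.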
