[Samba] Configuration of smb.conf for Active Directory authentication
Kyle Manel
Kyle.Manel at inbaytech.com
Fri Aug 26 15:11:25 UTC 2016
I've completed the configuration specified, and the command 'wbinfo -g' provides a list of the groups available and 'wbinfo -u' provides a list of all the users on the system, but I cannot access the shares; When I navigate a file explorer to \\ip.ad.dre.ss I am presented with a login screen, which I cannot log into with my ID; 'The user name or password is incorrect'
I suspect an issue with my idmap configuration:
[global]
netbios name = FILESERVER-001
security = ADS
workgroup = SUBDOMAIN
realm = SUBDOMAIN.DOMAIN.COM
log file = /var/log/samba/%m.log
log level = 1
idmap config CORP: backend = ad
idmap config CORP: schema_mode = rfc2307
idmap config CORP: range = 1000-9999999999
idmap uid = 50-9999999999
idmap gid = 50-9999999999
winbind nss info = rfc2307
allow dns updates = nonsecure
[public]
path = /srv/samba/share
available = yes
read only = no
browsable = yes
public = yes
guest ok = yes
writable = yes
Regards,
Kyle
-----Original Message-----
From: Michael A Weber [mailto:mweber.subscriptions01 at gmail.com]
Sent: Wednesday, August 24, 2016 5:21 PM
To: Kyle Manel <Kyle.Manel at inbaytech.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Configuration of smb.conf for Active Directory authentication
Kyle—
Keep it simple and follow the guide you linked, and Rowland’s rid recommendation, and you’ll be set.
Mike
> On Aug 24, 2016, at 3:04 PM, Kyle Manel via samba <samba at lists.samba.org> wrote:
>
> I've been working through a guide documenting how to do this at https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member and am presently deciphering what needs I have in my winbind configuration.
> In doing so, I've come across the 'passdb backend = ldapsam' option and am curious if I can use this, and if it is wise, identifying that key exchange is complex and a vulnerability at times, but it does provide no local storage of pw either, which may be a greater vulnerability.
>
> Any insight into this, or if this passdb option even works as I
> believe it to would be valuable to me, Kyle
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list