[Samba] Configuration of smb.conf for Active Directory authentication
Rowland Penny
rpenny at samba.org
Fri Aug 26 15:51:29 UTC 2016
See inline comments.
On Fri, 26 Aug 2016 15:11:25 +0000
Kyle Manel via samba <samba at lists.samba.org> wrote:
> I've completed the configuration specified,
No you haven't
> and the command 'wbinfo
> -g' provides a list of the groups available and 'wbinfo -u' provides
> a list of all the users on the system, but I cannot access the
> shares; When I navigate a file explorer to \\ip.ad.dre.ss I am
> presented with a login screen, which I cannot log into with my ID;
> 'The user name or password is incorrect'
>
> I suspect an issue with my idmap configuration:
>
> [global]
> netbios name = FILESERVER-001
> security = ADS
> workgroup = SUBDOMAIN
> realm = SUBDOMAIN.DOMAIN.COM
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> idmap config CORP: backend = ad
> idmap config CORP: schema_mode = rfc2307
> idmap config CORP: range = 1000-9999999999
I thought you were advised to use the 'rid' backend
> idmap uid = 50-9999999999
> idmap gid = 50-9999999999
Why have you also added the deprecated 'idmap uid' & 'idmap gid' lines,
they are not on the domain member wiki page.
> winbind nss info = rfc2307
You dont use the above line with the 'rid' backend
>
> allow dns updates = nonsecure
>
> [public]
> path = /srv/samba/share
> available = yes
> read only = no
> browsable = yes
> public = yes
> guest ok = yes
> writable = yes
the available line is the default
'read only = no' and 'writable = yes' are the same way of saying the
same thing, you do not need both.
'browsable = yes' is the default.
'public = yes' and 'guest ok = yes' are the same way of saying the
same thing, you do not need both.
Rowland
>
> Regards,
> Kyle
More information about the samba
mailing list