What's /etc/nsswitch.conf say?
On 3/27/07, Tim Hallin <timhallin at gmail.com> wrote: > > I setup up a samba server using SLES 10. I have joined an AD domain. > wbinfo -u - returns the AD user list, so I think winbind is working. In > Linux I can give domain users ownership of files (chown). When I setup a > share the Domain users can see the share but not login unless I remove Samba > from the Domain and enter them locally (smbpasswd -a). It will not let > domain users access samba shares. I think Kerberos is working. I have used > Samba for years, this is my first attempt at using AD for authentication. > > Can a Samba member server directory join an Active Directory Domain or > does it need to connect through a Samba Domain Controller? Or Does my first > Samba box need to a Domain Controller ? > > Thanks, > > Tim Hallin > > > > [global] > workgroup = FRANKLIN > realm = FRANKLIN.INT > server string = Windows Server 2003 > security = ADS > map to guest = Bad User > password server = DC1 DC2 > printcap name = cups > logon path = \\%L\profiles\.msprofile > logon drive = P: > logon home = \\%L\%U\.9xprofile > domain master = No > ldap ssl = no > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind use default domain = Yes > winbind refresh tickets = yes > cups options = raw > include = /etc/samba/dhcp.conf > template homedir = /home/%D/%U > template shell = /bin/bash > > [profiles] > comment = Network Profiles Service > path = %H > read only = No > create mask = 0600 > directory mask = 0700 > store dos attributes = Yes > > [users] > comment = All users > path = /data/profiles > read only = No > inherit acls = Yes > veto files = /aquota.user/groups/shares/ > > [groups] > comment = All groups > path = /data/groups > read only = No > inherit acls = Yes > > [printers] > comment = All Printers > path = /var/tmp > create mask = 0600 > printable = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /var/lib/samba/drivers > write list = @ntadmin, root > force group = ntadmin > create mask = 0664 > directory mask = 0775 > > [test] > comment = test > path = /test > valid users = FRANKLIN\tth > write list = FRANKLIN\tth > read only = No > inherit acls = Yes > > _______________________________________________ > General mailing list > General at brlug.net > http://mail.brlug.net/mailman/listinfo/general_brlug.net > > -------------- next part -------------- An HTML attachment was scrubbed... URL: /pipermail/general_brlug.net/attachments/20070327/78908f18/attachment-0001.html
