Disclaimer: I don't use Samba as an ADS member server. I use Samba as a PDC with trusts to an ADS domain. So my observations may not be valid.

Did you try updating nsswitch.conf?


    passwd:     files winbind
    group:    files winbind


If you are using a Windows domain and have a user defined in the domain, you generally don't want to add the user as a local user. Since the underlying unix OS needs to know about the domain users you need to either use nsswitch+winbind (which I do) or the smb pam module (which I don't use, and not sure if it really is the correct approach.)

If you use nsswitch.conf+winbind you can then also OPTIONALLY allow "windows" users "unix" access like ssh. My Samba server is a PDC - I have a domain trust with Windows domains BUT the default shell is "/bin/false". (It is still a little flaky...)

Does "getent passwd" show the Windows users? It should show something like

ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false

or

SRE+ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false



It looks like you already have a "unix" ben and an "ADS" ben defined?

"wbinfo -s" and "wbinfo -n" are also useful for making sure that the name-to-sid and sid-to-name mappings are correct for domain users.




On 09/30/2010 08:17 AM, Ben George wrote:
Hi

My name is Ben.T.George.

I followed this tutorial:
http://www.edsiohio.com/images/advanced-AD-2009-05-18.pdf


My current status is: I successfully joined the AD.


bash-3.00# ./net ads join -U administrator
Enter administrator's password:
Using short domain name -- SRE
Joined 'SUN1' to realm 'sre.com'

and wbinfo shows the users and groups from the AD:

bash-3.00# ./wbinfo -u
SUN1+ramana
SUN1+user1
SUN1+ben
administrator
guest
support_388945a0
krbtgt
teju
ben
ramana

bash-3.00# ./wbinfo -g
helpservicesgroup
telnetclients
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
dnsadmins
dnsupdateproxy

Then I checked the AD, and Sun1 is listed under the computer tab.

That means my connection side is success na..?

This is my smb.conf file:

# Samba config file created using SWAT
# from UNKNOWN (ÿ¿û^H)
# Date: 2010/09/29 17:37:34

[global]
         workgroup = SRE
         realm = SRE.COM
         security = ADS
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind separator = +
         winbind use default domain = Yes

[user1]
         path = /export/home/user1
         valid users = user1, ramana, teju

[ramana]
         path = /export/home/ramana
         valid users = ramana, teju

[teju]
         path = /export/home/teju
         valid users = teju

[ben]
         path = /export/home/ben
         valid users = ben
[user1]
         path = /export/home/user1
         valid users = ben, user1, ramana, teju


And Kerberos file: krb5.conf


[libdefaults]
         dns_lookup_realm = false
         default_realm = SRE.COM
         ticket_lifetime = 600
         kdc_req_checksum_type = 2
         checksum_type = 2
         ccache_type = 1

#[kdc]
#        profile = /krb5/var/krb5kdc/kdc.conf


[logging]
         default = FILE:/usr/local/var/log/kdc.log
         kdc = FILE:/usr/local/var/log/kdc.log
         admin_server = FILE:/usr/local/var/log/adm.log

[realms]
         SRE.COM = {
                 kdc = srec.sre.com:88
                 admin_server = srec.sre.com:749
#                default_domain = SRE.COM
         }

[domain_realm]
         .sre.com = SRE.COM
         sre.com = SRE.COM

[login]
     krb4_convert = 0


My need is this: suppose ben is a user common to Unix and Windows.
When I log in as ben through a Windows machine, I want to access the shared
folder for ben in Unix (without giving a password for ben).

Another thing is, when we change the password or username in Active
Directory, it also affects the same user in Unix.

That means, suppose I change the user ben to ben1, and the password... the changes
must be written to the /etc/passwd and shadow files.

Is there any way to do this? I am a beginner at this, so please give me good
advice.


Thanks
Ben.T.George
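
Added example, not part of either message in this thread: the checks suggested in the reply (winbind listed in nsswitch.conf, "getent passwd" output, a local and an ADS "ben"), run over constructed sample input. It assumes winbind-mapped accounts are the ones whose UID falls in the posted idmap range 10000-20000; the function names and sample lines are made up for illustration.

```python
# Added example (not from the thread). All inputs below are constructed samples.
IDMAP_RANGE = range(10000, 20001)  # "idmap uid = 10000-20000" in the posted smb.conf
SEPARATOR = "+"                    # "winbind separator = +"
NOLOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def winbind_enabled(nsswitch_text):
    """Return {"passwd": bool, "group": bool}: is winbind a listed source?"""
    found = {"passwd": False, "group": False}
    for line in nsswitch_text.splitlines():
        db, sep, sources = line.split("#", 1)[0].partition(":")
        if sep and db.strip() in found:
            found[db.strip()] = "winbind" in sources.split()
    return found

def audit_passwd(getent_text):
    """Classify `getent passwd` lines; UID in IDMAP_RANGE = winbind-mapped (assumption)."""
    local, domain, malformed, with_shell = set(), set(), [], []
    for line in filter(None, map(str.strip, getent_text.splitlines())):
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            malformed.append(line)          # e.g. missing ':' before the shell
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        short = name.split(SEPARATOR, 1)[-1].lower()   # "SRE+ben" -> "ben"
        if uid in IDMAP_RANGE:
            domain.add(short)
            if shell not in NOLOGIN:
                with_shell.append(name)     # domain account that could log in (ssh)
        else:
            local.add(short)
    return {"collisions": sorted(local & domain),  # same name, local and domain
            "malformed": malformed,
            "domain_with_shell": with_shell}

SAMPLE_NSSWITCH = """\
passwd:     files winbind
group:      files        # winbind missing here
"""
SAMPLE_GETENT = """\
root:x:0:0:Super-User:/:/sbin/sh
ben:x:101:10:local ben:/export/home/ben:/bin/bash
ben:*:10001:10001:Ben George:/home/SRE/ben:/bin/false
SRE+teju:*:10002:10001:Teju:/home/SRE/teju:/bin/bash
ramana:*:10003:10001:Ramana:/home/SRE/ramana/bin/false
"""

if __name__ == "__main__":
    print(winbind_enabled(SAMPLE_NSSWITCH))
    print(audit_passwd(SAMPLE_GETENT))
```

On a real host, feed it the contents of /etc/nsswitch.conf and the output of "getent passwd" instead of the samples.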
