Hi Denis, Thanks for help! After trying several things out I finally worked it out ;-)
No I can connect with the useres from my WinDomain to the samba server - that's fine But: How do I create vald shares for the several groups? How can I set the rights for the different folders for different Windows-users & Windows-groups? Has this be done on windows or on linux? I just tried to set permissions with konqueror (if I type the name of my windomain in the field "user" I can see all valid entries in the field... So there is a connection to my PDC) to my existig samba share - but as soon as I try to create a folder from windows I get an error "permission denied" - the same happens if I try to change permissions from windows.. In windows I can see that I'm a valid user for this folder (all permisssions) but I can't change permissions on this folder an also I can't add files or folders to it.... I only changed the samba entry in the pam.d folder: Auth required pam_winbind.so nodelay Account required pam_winbind.so nodelay Session required pam_winbind.so nodelay Password required pam_winbind.so nodelay - do I have to change some more of these files to get this working? Regards Dieter -----Urspr�ngliche Nachricht----- Von: Denis M.J. [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 30. Oktober 2003 06:04 An: Dieter Wilkens Cc: [EMAIL PROTECTED] Betreff: Re: AW: [Samba] Help for Samba 3 and Win ADS Hi Dieter, There are several things you need to set up on the samba server for AD user to have access to it. * To be in the AD/domain - smb.conf with the proper security mode, password server and realm - net join the AD - make sure the samba machine shows up in the list of trusted computers and is properly accessible (DNS and that kind) - make sure smbd, nmbd and winbind run you can than check the list of users with the command $ getent passwd * To let users access unix services - set up nsswitch.conf so passwd and group also use winbind - set up pam properly, ie let it use winbind too. I think this should work. At least that's what the doc says. I am not really familiar with the error you're getting but it might be because you're not using winbind. Quote from the doc: "If winbindd is not running, smbd (which calls winbindd) will fall back to using purely local information from /etc/passwd and /etc/group and no dynamic mapping will be used." So make sure winbind is running, the HOWTO explains how to add it to you /etc/init.d/samba. It might vary depending on where you got samba from (official package or distribution package). Chapter 21 is on winbind. I hope it works out for you. Denis Dieter Wilkens wrote: >Hi Denis, > >I just tried this but still I can't log on the samba server with a >domain user! > >If I try to do so I get the error: > >[2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017) > make_server_info_info3: pdb_init_sam failed! > >in the log file of the client on samba server... > >Is there anytihng else I have to adjust on the samba server? >I sucessfully joined the domain with ADS and can see the server from my >windows machine - but as soon as I try to connect I get the error >(exept with one user that I created on the linux server....)! > >Any ideas? > >Here is my smb.conf > >********************************************************************** > >#======================= Global Settings ======================= >[global] > log file = /var/log/samba/log.%m > server string = %h server (Samba %v) > socket options = TCP_NODELAY > encrypt passwords = yes > security = ads > realm = <MYREALM> > workgroup = <MYDOMAIN> > password server = <MYWINPDC> > syslog = 0 > >#====================== Shares ================================= >[daten] comment = Daten auf Debian >path = /daten >browsable = yes >guest ok = yes > >********************************************************************** > > > >-----Urspr?ngliche Nachricht----- >Von: Denis M.J. [mailto:[EMAIL PROTECTED] >Gesendet: Dienstag, 28. Oktober 2003 21:52 >An: Dieter Wilkens >Cc: [EMAIL PROTECTED] >Betreff: Re: [Samba] Help for Samba 3 and Win ADS > > >If you're joining the AD you can use the mode ADS with the lines # smb.conf: > security = ADS > realm = your.kerberos.realm > encrypt passwords = yes > password server = MYWINPDC > >please refer to section 7.4 (Domain Membership - Samba ADS Domain >Membership) in the HOWTO. > > > >Dieter Wilkens wrote: > > > >>Thanks for that hint. >>I downloaded the HOTO and tried to make everything like descibed there >>but it is still not working ;-( >> >>I set the 'security = domain" the 'workgroup = MYDOMAIN' and the >>'password server = MYWINPDC' in the smb.conf and restartet samba. After >>that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get >>the following result: >> >>'realm must be set in smb.conf for ADS join to succeed. >>ADS join did not work, faling back to RPC... >>Joined domain MYDOMAIN' >> >> >> >> >> >>>>>From the PDC I can see the sambe server in ADS and in the network >>>> >>>> >>> >>> >>> >>> >>neighborhood. If I try to connect samba asks for a username and >>password (should be OK with the DOMAIN-Admin.....). So I type in the >>Admin and PAssword but without getting a connection. In the logfile on >>the samba server there are the following lines in >>'log.MYWINPDC': >> >>'[2003/10/28 10:18:50, 0] >>auth/auth_util.c:make_server_info_info3(1017) >> make_server_info_info3: pdb_init_sam failed! >>[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017) >> make_server_info_info3: pdb_init_sam failed! >>[2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017) >> nake_server_info_info3: pdb_init_sam failed!' >> >>Any ideas wahts going wrong here? >> >>Regards >> >> Dieter >> >>"Adam Williams" <[EMAIL PROTECTED]> schrieb im Newsbeitrag >>news:[EMAIL PROTECTED] >> >> >> >> >>>>Just started to play around with Samba 3 (on debian 3.0) and a >>>>win2000 domain. Can anyone help me to integrate the Samba server into >>>>the win domain? It should act as a file server for the useres and >>>>groups from >>>> >>>> >>>> >>>> >>win >> >> >> >> >>>>and therefor I need different rights and permissions for the >>>>shares... Any help is appreciated ;-) >>>> >>>> >>>> >>>> >>>See the Samba-HOWTO-Collection available on the Samba website. It >>>covers this in detail. >>> >>>-- >>>To unsubscribe from this list go to the following URL and read the >>>instructions: http://lists.samba.org/mailman/listinfo/samba >>> >>> >>> >>> >> >> >> >> > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
