Could you also join your krb5.conf and your pam.d/login files ?
I also have the same kind of problem, and I just would like to see differences between our configurations ...
Thanks for reading !
Bertram
From: Markus Klimke <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [Samba] User problem (samba, w2k3) Date: Thu, 29 Apr 2004 13:00:53 +0200
Hello all,
:: Strategy ::
I am using Samba 3.0.2a with security mode ADS, hooking a fileserver up to a W2k3 server and domain. The join worked as mentioned in the documentation. For auth of users I use nssldap to query the LDAP database of W2k3, so my windows users are visible either under linux and windows.
:: Problem ::
If I try to share the homes or other points I'm asked to type in a username and a password. When I type in a username, which is as described visible on both sides, windows says that this user is not valid to enter the share. As a workaround I used an "admin" entry in the smbpasswd, which has access to the shares. I think this is a very ugly hack. I also tried it with winbind, but it didn't work also. When I open the security tab under windows of a share or the subdirectories within, it shows entries like "FILER\user" which is not my domain just the samba server itself. Maybe this is correct, but I can't make any change of adding a user to the security context of windows.
I am not using the winbind name switch in nsswitch.conf and not any winbind pam auth, because of using nssldap for making users visible on linux and pam_krb5/pam_ldap for the auth. My W2k3 is operating in advanced mode (not native or mixed mode), which might be a problem, but I don't believe this. If I type "wbinfo -u" the users on windows side are listed, but not with the domain separator, just the user itself.
:: Question ::
How can I map samba shares with "security = ADS" on a windows machine, without using "smbpasswd"?
:: smb.conf ::
# Global parameters [global] workgroup = DOMAIN realm = DOMAIN.DE security = ads password server = w2k3.domain.de encrypt passwords = yes #smb passwd file = /etc/samba/smbpasswd ;; I don't want to use this line, because the documentation ;; said I don't need this socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 10 preferred master = no idmap uid = 500-6000 idmap gid = 500-6000 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind trusted domains only = yes ;; Catched the above line from a hint, which was mentioned ;; to fix the problem
[homes] comment = %u's Home Directory ;; This one's always showing, if smbpasswd entry above ;; is enabled: "admin's Home Directory", where admin is ;; is the smbpasswd entry to get shares mapped create mask = 0755 read only = No browseable = No
[shared] comment = Share Point path = /shared read only = no browseable = yes
[backup] comment = Backup Repo path = /backup read only = yes browseable = no
Many thanks for every hint or assistance Best regards -markus
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
_________________________________________________________________ Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
