Do you have any idea as to why when I search for the machine in the domain it comes up with a description of domain controller in Actice Directory? If i click on the machine itself it says that its a workstation or server but the main fact that it shows up as domain controller when searched troubles me.
Here is what i have in my smb.conf file: [global] workgroup = MYDOMAIN realm = MYDOMAIN.NET server string = Samba Server de Me netbios name = delshare security = ADS password server =addc01 name resolve order = wins lmohosts host bcast preferred master = No local master = No dns proxy = No [public] guest ok = yes public = yes path = /usr/share/public comment = share on machine [homes] guest ok = no read only = no ----- Original Message ----- From: "sharif islam" <[EMAIL PROTECTED]> To: "Rashaad S. Hyndman" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, November 12, 2004 3:20 PM Subject: Re: [Samba] General Questions: Regards ADS > On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman > <[EMAIL PROTECTED]> wrote: > > I have been playing with getting my samba server to participate in an Acive > > Directory domain for some time and have noticed a couple things about when i > > get the machine working (or so i think). One is that when the machine joins > > the domian it always show up as a domain controller. I dont want this to > > happen. I simply wish for it to be able to authenticate users to its share > > based on the domain users. Therefore, only users on the domain should be > > able to get to the samba shares! Up to this point in have been doing the > > following: > > > > 1. relam = MY.REALM > > 2. security = ADS > > 3. encrypt passwords = yes > > and configuring my winbind file. > > > > Is this all i have to do? Do i have the wrong impression as to what ADS > > security provides? Again, all i want to do is avoid having to create a user > > for EVERYone on my domain and two allow domain users to authenticate to the > > samba shares. > > That is right. AFAIK, if you don't tell the samba machine to be a > domain controller it won' t be one. It will act like a member server. > The user should be able to authenticate via the ADS, no need to create > local accounts. Here's my samba setting for ADS: > > [global] > workgroup = REALM > realm = REALM.ORG > server string = Samba Server > security = ADS > password server = <your domain controller> > log file = /var/log/samba/samba.log > name resolve order = wins lmhosts host bcast > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > os level = 0 > preferred master = No > local master = No > domain master = No > dns proxy = No > wins server = <if you are wins server> > idmap uid = 10000-600000 > idmap gid = 10000-600000 > winbind cache time = 600 > winbind use default domain = Yes > strict allocate = Yes > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba