Scruggs, Ronald wrote:
All,
I'm trying to figure out if I missed some steps in configuring Samba
3.0.13 on AIX 5.2 as a Windows 2003 ADS domain member server of the
domain DEVELOPMENT. Samba is compiled with Heimdal Kerberos and
openLDAP support, and I successfully joined the ADS domain using net ads
join after running a kinit. Kerberos appears to be working, wbinfo -u
and wbinfo -g work; net ads status works fine, smbtree works. However,
when I try to authenticate to a test share using either a domain user ID
or a user ID from another domain (CORP) that has a trust relationship
with the domain that the Samba server is joined to, I see
NT_STATUS_NO_SUCH_USER in the log.smbd.
So, my two questions are: do I need to be running winbindd?
Yes
Does it
have to have PAM support,
Yes...pam needs to authenticate using ldap/ads
or is that just for using domain logins on the
unix side?
smb.conf follows:
[global]
realm = READING.DEVPORTAL.NET
workgroup = DEVELOPMENT
password server = usrd106.reading.devportal.net
security = ADS
encrypt passwords = yes
#debug level = 7
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users=yes
winbind enum groups=yes
client use spnego = yes
[public]
comment = Public data directory
read only = no
path = /sambapublic
user = @"DEVELOPMENT+domain users" @"CORP+domain users"
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
