[Samba] AD Auth 2003

Edward Brookhouse Thu, 21 Jul 2005 12:00:38 -0700

Hi all,



I am attempting to setup a SMB server that will auth to Windows2003 AD -




I've setup SMB many times, but this is my first attempt at AD auth
integration.



Most everything (testing from commandline) works - see below info



But the docs say I need to copy pam_winbind.so to /lib/security but I
can not find this file in the samba source distro. So what goes into
/etc/pam.d/samba or /etc/pam.d/login ??



When I attempt to access a share on this server, I see no errors but can
not auth, presumably because pam_winbind is missing.



See below for details of setup -



Any thoughts appreciated,



Edward

Ebrooathealthydirectionsdotcom









I'm using a RH Fedora Core 2 box with Samba 3.0.14a and these Krb
versions :



krb5-devel-1.3.6-4

pam_krb5-2.0.10-1

krb5-libs-1.3.6-4

krb5-workstation-1.3.6-4





What works -



Kinit [EMAIL PROTECTED] works fine -

net ads join -uUsername%password works fine

wbinfo -u works fine

wbinfo -t works fine



My samba log.smbd and log.nmbd and log.winbindd all show successful
startup



My smb.cnf looks like



[global]

netbios name = GOETHE

server string = IT Dev Server

realm = CORP.PHILLIPS.COM

workgroup = CORP

password server = 172.17.17.110

security = ADS

encrypt passwords = yes

socket options = TCP_NODELAY

   local master = no

   dns proxy = yes

   winbind separator = +

winbind uid = 10000-20000

        winbind gid = 10000-20000

        winbind enum groups = yes

        winbind enum users = yes

#============================ Share Definitions
==============================

   idmap uid = 16777216-33554431

   idmap gid = 16777216-33554431

   template shell = /bin/false

   winbind use default domain = no



[homes]

   comment = Home Directories

   browseable = no

   writable = yes

      user = @"CORP+domain users"

# specifically define each individual printer [printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = no

   guest ok = no

   writable = no

   printable = yes



 [Tellu]

        comment = TellU Inventory Client

        path = /home/share/tellu

        public = yes

        writeable = no

      user = @"CORP+domain users"









--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] AD Auth 2003

Reply via email to