Re: [Samba] SAMBA + KERBEROS + AD

Sadique Puthen Thu, 06 Mar 2008 04:35:36 -0800

Helio Calaça Filho wrote:

SMB.CONF


# Samba config file created using SWAT
# from 10.10.15.33 (10.10.15.33)
# Date: 2008/03/04 13:39:37

[global]
        workgroup = SAMBA
        realm = SAMBA.COM
        server string = Test Server
        security = ADS
        log level = 4
        log file = /local/samba/var/%m.log
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        veto files = /.exe/*mp3*/

#[homes]
#       comment = Personal Directory
#       read only = No
#       browseable = No
[teste]
        comment = Test Directory
        path = /teste
        valid users = SAMBA #Ps.: SAMBA string here it's the domain, to can
accept all domain users

I doubt whether this is valid. As per "man smb.conf", "If this isempty (the default) then any user can login." So you should eitherput it empty or specify valid users or groups. Specifying domain name toallow all users/groups may not be valid.

        read only = No
        veto files = /*.exe/*mp3*/

[commom_ad]
        comment = Common Directory
        path = /comum_ad
        force user = smbtest
        read only = No
        guest ok = Yes

--------------------------------------------------------------------------------------------------------------

NSSWITCH.CONF

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns winbind

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus
-------------------------------------------------------------------------------------------------------------------------------------
[EMAIL PROTECTED] lib]# ll libnss_winb*

-rwxr-xr-x 1 root root   18588 Fev 26 12:51 libnss_winbind.so
lrwxrwxrwx 1 root root      22 Fev 27 17:25 libnss_winbind.so.2 ->
/lib/libnss_winbind.so
-rwxr-xr-x 1 root root  892632 Set  1  2006 libnss_wins.so.2

--------------------------------------------------------------------------------------------------------------------
[EMAIL PROTECTED] lib]# ps -A
  PID TTY          TIME CMD

28736 ?        00:00:10 nmbd
28737 ?        00:00:00 winbindd
28738 ?        00:00:00 winbindd
28739 ?        00:00:00 smbd
28742 ?        00:00:00 smbd
28758 ?        00:00:00 winbindd
29019 ?        00:00:00 winbindd
31715 ?        00:00:00 smbd
----------------------------------------------------------------------------------------------------------------------
[EMAIL PROTECTED] lib]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[teste]"
Processing section "[comum_ad]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

-------------------------------------------------------------------------------------------------------------

[EMAIL PROTECTED] lib]# net ads join -U Administrator
suporte's password:
Using short domain name -- SAMBA
Joined 'REDH' to realm 'SAMBA.COM'

--------------------------------------------------------------------------------------------------------------------------
All correct apparently. But, when i try to access my samba shares using my
winxp station (logged in ads domain), the samba server ask a user n' pass. I
put any ads user and i can't.

Where i wrong?

See Ya!

Atte,
Hélio Calaça Filho


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA + KERBEROS + AD

Reply via email to