[Samba] Samba, Winbind and Active Directory
Hi, I am trying to set up Samba joining Active Directory. I have done this successfully before and have most of my previous files. Here is the issue I am seeing. I can kinit [EMAIL PROTECTED] I cannot net ads join -U administrator I get thus message: Failed to join domain: Invalid credentials The only error I seem to find is in my winbind log file. [2007/08/23 13:06:50, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14116]: request interface version [2007/08/23 13:06:50, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14116]: request location of privileged pipe [2007/08/23 13:06:50, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273) [14116]: getgroups root [2007/08/23 13:06:50, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [14119]: request interface version [2007/08/23 13:06:50, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [14119]: request location of privileged pipe [2007/08/23 13:06:50, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273) [14119]: getgroups root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] share setup
I would like to be able to setup shares i n the following manner. I want a basic root share folder. Let's say it is the /Home directory. This will be a shared drive for all users on our network. Everyone will have read access. Under this folder will be several shared folders that are user specific. I have done this but it seems that the /Home directory overwrites the read attribute for all other directories. I do not want some of the sub directories to be browsable by certain users. Does anyone have any idea how to change this? Does any of this make sense!?!?!? Here is an example of my conf file. [home] comment = Share Home path = /home valid users = List of valid users read only = No [marketing] comment = Marketing Share path = /home/marketing admin users = List of valid users valid users = List of valid users read list = read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: mount windows xp share
I would like to be able to setup shares i n the following manner. I want a basic root share folder. Let's say it is the /Home directory. This will be a shared drive for all users on our network. Everyone will have read access. Under this folder will be several shared folders that are user specific. I have done this but it seems that the /Home directory overwrites the read attribute for all other directories. I do not want some of the sub directories to be browsable by certain users. Does anyone have any idea how to change this? Does any of this make sense!?!?!? Here is an example of my conf file. [home] comment = Share Home path = /home valid users = List of valid users read only = No [marketing] comment = Marketing Share path = /home/marketing admin users = List of valid users valid users = List of valid users read list = read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Domain Authentication
Hi, I am trying to create shares that are accessible thru Domain Authentication. I am able to join the domain thru net ads join -U administrator All of the following commands work: net ads join -U administrator testparm net ads info wbinfo -u wbinfo -g Everything seems to be working ok and I have created a couple of test shares. However, if I issue a ' getent passwd' command it indicates the password authentication still comes from the local machine. In addition, none of the shares work not even the public which I think should be accesable by anyone. Would someone mind looking my samba.conf over and provide feedback? # #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = MYDOMAIN_SHORT_NAME netbios name = enterprise # server string is the equivalent of the NT Description field server string = File Server # Security mode. Defines in which mode Samba will operate. Possible # values are share, user, server, domain and ads. Most people will want # user level security. See the Samba-HOWTO-Collection for details. security = ads encrypt passwords = yes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # If you want to automatically load your printer list rather # than setting them up individually then you'll need this load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, cups, sysv, plp, lprng, aix, hpux, qnx ; printing = cups # This option tells cups that the data has already been rasterized cups options = raw # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # Put a capping on the size of the log files (in Kb). max log size = 50 # Use password server option only with security = server # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * ; password server = NT-Server-Name # Use the realm option only with security = ads # Specifies the Active Directory realm the host is part of realm = HQ.MYDOMAIN.NET # Backend to store user information in. New installations should # use either tdbsam or ldapsam. smbpasswd is available for backwards # compatibility. tdbsam requires no further configuration. ; passdb backend = tdbsam # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting. # Note: Consider carefully the location in the configuration file of # this line. The included file is read at that point. ; include = /usr/local/samba/lib/smb.conf.%m # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # Where to store roving profiles (only for Win95 and WinNT) #%L substitutes for this servers netbios name, %U is username #You must
Re: [Samba] Samba Domain authentication and shares
Thanks for the link. I have read it over and it seems that my error is probably in winbind. All of these command work. * net ads join -U Administrator* wbinfo -u wbinfo -g net ads info However, the winbind getent passwd indicates the passwords are still coming from the local machine. I can provide you with whatever files you would like to see. Below is my nsswitch.conf file: Thanks in advance. # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # #nisplus or nis+Use NIS+ (NIS version 3) #nis or ypUse NIS (NIS version 2), also called YP #dnsUse DNS (Domain Name Service) #filesUse the local files #dbUse the local database (.db) files #compatUse NIS on compat mode #hesiodUse Hesiod for user lookups #[NOTFOUND=return]Stop searching if not found so far # # To use db, put the db in front of files for entries you want to be # looked up first in the databases # # Example: #passwd:db files nisplus nis #shadow:db files nisplus nis #group: db files nisplus nis passwd: compat winbind shadow: compat group: compat winbind #hosts: db files nisplus nis dns hosts: files dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc:nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind rpc:files services: files winbind netgroup: files winbind publickey: nisplus automount: files winbind aliases:files nisplus -- Dale Schroeder wrote: Kevin, Without your Samba version and smb.conf, it is hard to diagnose what the problem might be. Since many use security = ADS and winbind to authenticate against a W2K3 domain, see if these resources are of any help to you: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1 Dale Kevin Gutch wrote: Hello, Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=ISO-8859-1 I have been able to use Samba to join our Win2003 domain. I have also setup folders and permissions in the smb.conf file. I can browser to the Samba Shares 2 ways, thru network neighborhood and by UNC/ip address. Both of these methods prompt me for login which is not successful. I assumed that if I userA had permissions to a folder in the smb.conf file that Windows userA would e able to access wit no problems as long as he was logged onto the domain. Does anyone have any suggestions or troubleshooting tips? Thanks, Kevin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Domain authentication and shares
Hello, I have been able to use Samba to join our Win2003 domain. I have also setup folders and permissions in the smb.conf file. I can browser to the Samba Shares 2 ways, thru network neighborhood and by UNC/ip address. Both of these methods prompt me for login which is not successful. I assumed that if I userA had permissions to a folder in the smb.conf file that Windows userA would e able to access wit no problems as long as he was logged onto the domain. Does anyone have any suggestions or troubleshooting tips? Thanks, Kevin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba