[Samba] Samba 3.0.13 ADS domain member on AIX 5.2
All, I'm trying to figure out if I missed some steps in configuring Samba 3.0.13 on AIX 5.2 as a Windows 2003 ADS domain member server of the domain DEVELOPMENT. Samba is compiled with Heimdal Kerberos and openLDAP support, and I successfully joined the ADS domain using net ads join after running a kinit. Kerberos appears to be working, wbinfo -u and wbinfo -g work; net ads status works fine, smbtree works. However, when I try to authenticate to a test share using either a domain user ID or a user ID from another domain (CORP) that has a trust relationship with the domain that the Samba server is joined to, I see NT_STATUS_NO_SUCH_USER in the log.smbd. So, my two questions are: do I need to be running winbindd? Does it have to have PAM support, or is that just for using domain logins on the unix side? smb.conf follows: [global] realm = READING.DEVPORTAL.NET workgroup = DEVELOPMENT password server = usrd106.reading.devportal.net security = ADS encrypt passwords = yes #debug level = 7 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes client use spnego = yes [public] comment = Public data directory read only = no path = /sambapublic user = @DEVELOPMENT+domain users @CORP+domain users -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.13 ADS domain member on AIX 5.2
Scruggs, Ronald wrote: All, I'm trying to figure out if I missed some steps in configuring Samba 3.0.13 on AIX 5.2 as a Windows 2003 ADS domain member server of the domain DEVELOPMENT. Samba is compiled with Heimdal Kerberos and openLDAP support, and I successfully joined the ADS domain using net ads join after running a kinit. Kerberos appears to be working, wbinfo -u and wbinfo -g work; net ads status works fine, smbtree works. However, when I try to authenticate to a test share using either a domain user ID or a user ID from another domain (CORP) that has a trust relationship with the domain that the Samba server is joined to, I see NT_STATUS_NO_SUCH_USER in the log.smbd. So, my two questions are: do I need to be running winbindd? Yes Does it have to have PAM support, Yes...pam needs to authenticate using ldap/ads or is that just for using domain logins on the unix side? smb.conf follows: [global] realm = READING.DEVPORTAL.NET workgroup = DEVELOPMENT password server = usrd106.reading.devportal.net security = ADS encrypt passwords = yes #debug level = 7 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes client use spnego = yes [public] comment = Public data directory read only = no path = /sambapublic user = @DEVELOPMENT+domain users @CORP+domain users -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
