i'm having big problems on integrating my samba-server to use the AD for
I am running a Debian Linux (Sarge) box with Samba 3.0.14a and want to
share some folders. Winbind is not running yet.
Now with "valid users" I want to restrict the access to an specific
user. That user should checked against a AD from Samba instead of smbpasswd.

First of all, do I need winbind for that purpose?
Or is a ldap-configuration in smb.conf enough? Here are the lines of

########### smb.conf
passdb backend = ldapsam:ldap://<AD server>:389/
ldap suffix = "cn=...,dc=..."
ldap admin dn = "cn=...,dc=..."
ldap filter = (&(objectclass=User)(uid=%u))
ldap ssl = no

idmap backend = ad:ldap://<AD server>

obey pam restrictions = yes
invalid users = root
valid users = user1

And second, should the samba-server be member of the AD domain? At the
moment he isn't.

Btw, UNIX Login against the same AD is working fine on that client (with
pam_ldap, nss_ldap).

Another question that i have belongs to the idmap_ad plugin from padl.
On our AD we integrated the RFC2307 schema.
I've compiled the patch successfully and copied it to
Do I have to recompile samba, or can I use the already installed one?
And is the entry "idmap backend = ad:ldap://<AD server>" in smb.conf the
only change to make, so that samba uses ad.so ??
On the logs i can't see anything about ad.so - well it may lie on the
problem showed above, so that he didn't come so far?!
But I'm not sure.

Any help would be appreciated. Over a week of google didn't helped me,
neither the reading of many docs.

thanks in advance

Jan Dworschak
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to