Liu, Hong Quan 刘红泉
2005-Oct-20 09:59 UTC
[Samba] Is it possible to access Samba domain member server in a AD domain from outside this domain?
Dear all,
I configured a Samba server which joins an AD domain to act as a domain member server (that is, the user authentication is validated by AD). It works fine when the domain users access it.
The Samba version is 3.0.20 on FreeBSD 5.4, and the smb.conf (global section) is as follows.
My question is: if I choose to log on to this computer (not log on to the domain) from a Windows client, I can't access this Samba server because of no permissions (also no user authentication dialog box prompt).
Is it possible on this version to do such a kind of Samba server access?
(For example, it will prompt for entering the username/password; after validation success, the user can access this Samba's services.)
Who has such experience and can give me some advice or clue?
Thank you in advance!

The following is my global section in smb.conf:
[global]
workgroup = NWBSC
netbios name = NW-BSDFS01
realm = NWBSC.COM
server string = SambaServer01
log file = /var/log/samba/log.%m
security = ADS
password server = NW-AD01
allow trusted domains = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = No
winbind enum groups = No
winbind cache time = 3600
template homedir = /home/%U
template shell = /bin/false
winbind nested groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
auth methods = winbind
server signing = auto
admin users = root
log level = 1
max log size = 5000

Thanks!
Liu

John H Terpstra
2005-Oct-20 15:56 UTC
[Samba] Is it possible to access Samba domain member server in a AD domain from outside this domain?
On Thursday 20 October 2005 03:59, Hong Quan 刘红泉 wrote:
> Dear all,
>
> I configured a Samba Server which joins a AD domain to act as a domain
> member server (that is the user authentication is validated
> by AD ).It works fine when the domain users access it.
>
> The Samba version is 3.0.20 on FreeBSD 5.4 and the smb.conf (global
> section)as following.
>
> My question is that if I choose logon by this computer (not logon domain)
> from a windows client, I can't access this samba server because of no
> permissions, (also no user authentication dialog box prompt)
>
> Is it possible on this version to do such a kind of samba server access?

You need interdomain trusts for that. See the chapter on that subject in the Samba3-HOWTO.
http://www.samba.org/samba/docs/Samba3-HOWTO.pdf

- John T.

> (for example, it will prompt entering the username/password, after
> validation success, the user can access this samba's services)
>
> Who has such experience and can give me some advice or clue?
>
> Thank you in advance!
>
> The following is my global section in smb.conf:
>
> [global]
> workgroup = NWBSC
> netbios name = NW-BSDFS01
> realm = NWBSC.COM
> server string = SambaServer01
> log file = /var/log/samba/log.%m
> security = ADS
> password server = NW-AD01
> allow trusted domains = Yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = No
> winbind enum groups = No
> winbind cache time = 3600
> template homedir = /home/%U
> template shell = /bin/false
> winbind nested groups = Yes
> winbind use default domain = Yes
> winbind trusted domains only = Yes
> auth methods = winbind
> server signing = auto
> admin users = root
> log level = 1
> max log size = 5000
>
> Thanks!
>
> Liu

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.