To Whom It May Concern: I really admire the dedication and effort your group has. I am glad more and more people aren't buying into the Microsoft licensing schemes. Keep up the good work! I would like to add the server I have installed to our Active Directory Domain. We have one Win2003 PDC no subnets very basic stuff. I have read many chapters in the official how to guide and would like to zero in on the appropriate section/s that will allow me to configure this appropriately. All my supervisor would like me to do is create a fileserver where no one has to type in their user name and password again when they click on any of the shares. I have tried (on the test bed) configurations from different chapters and I still get user name and password when I click on the server or share. The Server I have installed is Suse 10.0 enterprise. I would appreciate any help that you can provide. Thank you for your time and I look forward to hearing from you soon! Best regards, Kevin G
Have you configured kerberos and windbind correctly? Does your net ads join work? Have you linked the libnss_winbind.so correctly? Have you followed this one => http://us3.samba.org/samba/docs/man/ Samba-HOWTO-Collection/winbind.html. Confirm this so can we more easily help. Its kinda hard when you don't say exactly what is wrong, =) A short version of the smb.conf would help also... Cheers, Henrik 16 aug 2006 kl. 05:57 skrev Kevin Gowan:> To Whom It May Concern: > > > > I really admire the dedication and effort your group has. I am > glad more and more people aren't buying into the Microsoft > licensing schemes. Keep up the good work! > > > > I would like to add the server I have installed to our Active > Directory Domain. We have one Win2003 PDC no subnets very basic > stuff. I have read many chapters in the official how to guide and > would like to zero in on the appropriate section/s that will allow > me to configure this appropriately. All my supervisor would like > me to do is create a fileserver where no one has to type in their > user name and password again when they click on any of the shares. > I have tried (on the test bed) configurations from different > chapters and I still get user name and password when I click on the > server or share. The Server I have installed is Suse 10.0 enterprise. > > > > I would appreciate any help that you can provide. Thank you for > your time and I look forward to hearing from you soon! > > > > Best regards, > > > > Kevin G > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
Dear, Did you read the section "Samba ADS domain membership" within the Official HOWTO? You may want to have a read there. ( http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member ) Besides, it is also good for you to read the Idmap and Winbind section. Hope this help. Best Rgds, Jacky Hui Chun Kit On 8/16/06, Kevin Gowan <KGowan@assisecurity.com> wrote:> > To Whom It May Concern: > > > > I really admire the dedication and effort your group has. I am glad more > and more people aren't buying into the Microsoft licensing schemes. Keep up > the good work! > > > > I would like to add the server I have installed to our Active Directory > Domain. We have one Win2003 PDC no subnets very basic stuff. I have read > many chapters in the official how to guide and would like to zero in on the > appropriate section/s that will allow me to configure this > appropriately. All my supervisor would like me to do is create a fileserver > where no one has to type in their user name and password again when they > click on any of the shares. I have tried (on the test bed) configurations > from different chapters and I still get user name and password when I click > on the server or share. The Server I have installed is Suse 10.0enterprise. > > > > I would appreciate any help that you can provide. Thank you for your time > and I look forward to hearing from you soon! > > > > Best regards, > > > > Kevin G > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Steven Cardinal
2006-Aug-16 19:26 UTC
[Samba] Re: adding samba3 to Active Directory Domain
On 8/16/06, Kevin Gowan <KGowan@assisecurity.com> wrote:> > To Whom It May Concern: > > > > I really admire the dedication and effort your group has. I am glad more > and more people aren't buying into the Microsoft licensing schemes. Keepup> the good work! > > > > I would like to add the server I have installed to our Active Directory > Domain. We have one Win2003 PDC no subnets very basic stuff. I have read > many chapters in the official how to guide and would like to zero in onthe> appropriate section/s that will allow me to configure this > appropriately. All my supervisor would like me to do is create afileserver> where no one has to type in their user name and password again when they > click on any of the shares. I have tried (on the test bed) configurations > from different chapters and I still get user name and password when Iclick> on the server or share. The Server I have installed is Suse10.0enterprise.> > > > I would appreciate any help that you can provide. Thank you for your time > and I look forward to hearing from you soon! > > > > Best regards, > > > > Kevin GHey Kevin, We are using our Samba server in the same way - File/Print in a W2K3 AD single forest/domain. Definitely look at the AD section. I found the Samba-3 By Example book to be very helpful, too - Section 9.3.3 covers a file server in an AD domain. Here's our config that is working just fine: [global] unix charset = LOCALE workgroup = MYDOMAIN realm = MYDOMAIN.INT server string = Production File Server security = ADS allow trusted domains = No enable privileges = Yes username map = /etc/samba/smbusers log level = 1 log file = /var/log/samba/%m max log size = 50 deadtime = 15 printcap name = cups wins server = 10.0.0.2 ldap ssl = no idmap backend = idmap_rid:MYDOMAIN=10000-50000 idmap uid = 10000-50000 idmap gid = 10000-50000 template shell = /bin/bash winbind separator = + cups options = raw The only thing to be aware of is, for our config, I chose to use the idmap_rid since I will end up having multuple servers and wanted to ensure that the uids remain consistent. For this I needed to rebuild the Suse 10.0RPM to enable this. Make sure the server is correctly listed in DNS (A record in the AD domain) prior to adding it to the domain with the net ads join command. Also ensure that ntp is running and keeping time in sync. Steve