hi all,
yes the good old topic where most people have a problem with :)
I have a Windows 2003 Active Directory Server and want that users on
this directory are able to login on a Samba Share.
The authentication with wbinfo -a user%password works and I already
joined the domain with
net ads join
I am also able to authenticate as directory user with his directory
password, BUT only if this username also exists in the /etc/passwd file.
Users whose username is not in the local passwd file cannot log in.
I use samba Version 3.0.37 on Solaris 10, here is my smb.conf:
[code]
[global]
workgroup = ABC
realm = ABC.DE
server string = Samba Server
security = ADS
map to guest = Bad User
password server = ABCDC01.abc.de ABCDC02.abc.de
use kerberos keytab = Yes
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
os level = 65
local master = No
domain master = No
wins support = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind use default domain = Yes
[test]
comment = test
path = /test
valid users = ABC+corpus, ABC+ahu
read only = No
[/code]
The user ABC+corpus also exists locally and I am able to logon with his
Directory password on the share, but not with the user ABC+ahu
If I just do
useradd ahu
I am able to logon with this user!
What am I doing wrong? I also want that users from the directory will be
mapped to the local user corpus from the access rights and would do this
with "force user = corpus" on the share, would this be right?
Thanks for any help
On Friday 14 May 2010 5:11:20 am Andreas Hubert wrote:
> hi all,
>
> yes the good old topic where most people have a
> problem with :)
>
> I have a Windows 2003 Active Directory Server
> and want that users on this directory are able
> to login on a Samba Share. The authentication
> with wbinfo -a user%password works and I
> already joined the domain with
> net ads join
> I am also able to authenticate as directory
> user with his directory password, BUT only if
> this username also exists in the /etc/passwd
> file. Users whose username is not in the local
> passwd file cannot log in. I use samba Version
> 3.0.37 on Solaris 10, here is my smb.conf:
>
> [code]
> [global]
> workgroup = ABC
> realm = ABC.DE
> server string = Samba Server
> security = ADS
> map to guest = Bad User
> password server = ABCDC01.abc.de ABCDC02.abc.de
> use kerberos keytab = Yes
> log file = /var/log/samba/log.%m
> max log size = 50
> time server = Yes
> os level = 65
> local master = No
> domain master = No
> wins support = Yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind separator = +
> winbind use default domain = Yes
>
> [test]
> comment = test
> path = /test
> valid users = ABC+corpus, ABC+ahu
> read only = No
> [/code]
>
> The user ABC+corpus also exists locally and I
> am able to logon with his Directory password on
> the share, but not with the user ABC+ahu. If I
> just do
> useradd ahu
> I am able to logon with this user!
> What am I doing wrong? I also want that users
> from the directory will be mapped to the local
> user corpus from the access rights and would do
> this with "force user = corpus" on the share,
> would this be right?
>
> Thanks for any help
>

Firstly, did you configure Kerberos properly?
Nextly, and I could be wrong on this, but I think you need to change:

valid users = ABC+corpus, ABC+ahu

to:

valid users = "@ABC+corpus" "@ABC+ahu"

Dimitri

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On Friday 14 May 2010 11:28:05 am Dimitri Yioulos wrote:
> On Friday 14 May 2010 5:11:20 am Andreas Hubert wrote:
> > hi all,
> >
> > yes the good old topic where most people have
> > a problem with :)
> >
> > I have a Windows 2003 Active Directory Server
> > and want that users on this directory are
> > able to login on a Samba Share. The
> > authentication with wbinfo -a user%password
> > works and I already joined the domain with
> > net ads join
> > I am also able to authenticate as directory
> > user with his directory password, BUT only if
> > this username also exists in the /etc/passwd
> > file. Users whose username is not in the
> > local passwd file cannot log in. I use samba
> > Version 3.0.37 on Solaris 10, here is my
> > smb.conf:
> >
> > [code]
> > [global]
> > workgroup = ABC
> > realm = ABC.DE
> > server string = Samba Server
> > security = ADS
> > map to guest = Bad User
> > password server = ABCDC01.abc.de ABCDC02.abc.de
> > use kerberos keytab = Yes
> > log file = /var/log/samba/log.%m
> > max log size = 50
> > time server = Yes
> > os level = 65
> > local master = No
> > domain master = No
> > wins support = Yes
> > idmap uid = 10000-20000
> > idmap gid = 10000-20000
> > winbind separator = +
> > winbind use default domain = Yes
> >
> > [test]
> > comment = test
> > path = /test
> > valid users = ABC+corpus, ABC+ahu
> > read only = No
> > [/code]
> >
> > The user ABC+corpus also exists locally and I
> > am able to logon with his Directory password
> > on the share, but not with the user ABC+ahu.
> > If I just do
> > useradd ahu
> > I am able to logon with this user!
> > What am I doing wrong? I also want that users
> > from the directory will be mapped to the
> > local user corpus from the access rights and
> > would do this with "force user = corpus" on
> > the share, would this be right?
> >
> > Thanks for any help
> >
>
> Firstly, did you configure Kerberos properly?
> Nextly, and I could be wrong on this, but I
> think you need to change:
>
> valid users = ABC+corpus, ABC+ahu
>
> to:
>
> valid users = "@ABC+corpus" "@ABC+ahu"
>
> Dimitri

Oops, sorry on the valid users piece. What I told you applies to groups. But, since you have:

winbind use default domain = Yes

perhaps you only need to specify the user names in "valid users".

Dimitri
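
Added example, not part of the original thread and not Samba code: a small audit of a share's "valid users" line that separates user entries from group entries (the distinction raised in the replies) and reports which names the local account database can resolve (the symptom in the first post). The @ABC+staff entry, the function names and the rule used to strip the domain prefix are assumptions made for illustration.

```python
import configparser
import grp
import pwd
import re

# Constructed sample: settings from the post; the @ABC+staff group is made up.
SAMPLE = """\
[global]
workgroup = ABC
winbind separator = +
winbind use default domain = Yes
[test]
path = /test
valid users = ABC+corpus, ABC+ahu, "@ABC+staff"
"""

def nss_resolves(kind, name):
    """True if the local name service knows the account (like getent)."""
    try:
        (grp.getgrnam if kind == "group" else pwd.getpwnam)(name)
        return True
    except KeyError:
        return False

def audit_valid_users(conf_text, share, resolves=nss_resolves):
    """Return (entry, kind, lookup_name, resolvable) per valid users entry."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string(conf_text)
    g = cp["global"]
    sep = g.get("winbind separator", "\\")
    default_dom = g.get("winbind use default domain", "no").lower() in ("yes", "true", "1")
    workgroup = g.get("workgroup", "").upper()
    rows = []
    for quoted, bare in re.findall(r'"([^"]+)"|([^,\s"]+)', cp[share].get("valid users", "")):
        entry = quoted or bare
        # Leading @, + or & marks a group; a + inside the name is the separator.
        kind = "group" if entry[0] in "@+&" else "user"
        name = entry.lstrip("@+&")
        domain, _, short = name.rpartition(sep)
        # Assumption: default-domain accounts resolve by their short name.
        lookup = short if default_dom and domain.upper() == workgroup else name
        rows.append((entry, kind, lookup, resolves(kind, lookup)))
    return rows

if __name__ == "__main__":
    # Constructed resolver mirroring the post: only "corpus" exists locally.
    for row in audit_valid_users(SAMPLE, "test", lambda k, n: (k, n) == ("user", "corpus")):
        print(row)
```

Run on the Samba host without the third argument, the last column shows whether each listed account is visible to the system the way "corpus" was and "ahu" was not.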