Robert W. Dempsey
2002-Sep-30 11:13 UTC
[Samba] Successful integration using Winbind - not a dream
Good Morning to All,
I have a Red Hat 7.3 box with Samba 2.2.5 successfully integrated
with a Windows 2000 domain. I am using a Win2K Domain Controller to
hold all of the user accounts. I use WebMin 1.0 for the administration
of my Linux box, and am able to pull up domain user accounts when
putting permissions on files on the RH machine. I used a combination of
resources to do this.
First, read the article located at
http://asia.cnet.com/itmanager/netadmin/0,39006400,39050042,00.htm. This
will show you what files to change. I also went onto the Win2K domain
controller and did the following:
1. Start -> Programs -> Administrative Tools -> Domain Security Policy
-> Windows Settings -> Local Policies -> Security Options.
2. LAN Manager Authentication Level = Send LM & NTLM responses
3. Start -> Run -> cmd
4. secedit /refreshpolicy machine_policy
5. secedit /refreshpolicy user_policy
After this, I rebooted the Win2K Domain Controller for good
measure, and I also rebooted the Linux server to ensure that all of my
services started in the proper order as this appears to definitely have
something to do with it as well. I have only been able to get a RedHat
box to fully integrate, although I also have Mandrake 9.0 RC2 working
quite well for a client. If you all have any questions, please feel
free to respond and I will try to help you as best as I can. I will be
out for the day so I won't be able to respond until later (8-10 hours
from now). Good luck, and may Linux light the way to the future for all
of us!
Sincerely,
Robert W. Dempsey
Atlantic Dominion Solutions
414 Prince Street
Alexandria, VA 22314
703.229.4096
http://www.atlanticdominionsolutions.com
Hi all,
I have 2 samba PDCs, each one is on an isolated network and on firewall in both networks. The first samba server is authenticating in an LDAP server, the other one is authenticating with smbpasswd file. I intend to create all the user accounts for the second samba server in the same LDAP server and use it to authenticate users from both samba servers.
The problem is... There are users that should have access to both domains and users that should be restricted to only one of them.
The question is... Is it possible? I could create one group for each domain and restrict the access using the acls in the LDAP server or using the ldap filter parameter in the samba server. Could this work? What is the better way?
Thanks,
Bruno Pereti.