I would like to be able to use Windows Active Directory accounts for logon to a
Linux RH8 desktop. I have successfully used Kerberos to add the desktop to the
AD domain. I am also able to use Kerberos or rpc to view users & groups. I
have not been able to use winbind. I am using the Samba3.aplha22 RPM. Our AD
domain has restrict anonymous set to 1 for the DC's. Following the How-To
for
Winbind when I attempt run wbinfo -u or -g, I get the error message "Error
looking up domain groups/users".
Any clue as to what I'm doing wrong? Do I need winbind or can I just use
Kerberos? Is it possible to create the equivalent of the Domain Users group
being the member of the local Users group and Domain Admins being the member of
the local Administrators group on a SAMBA enabled Linux box as it occurs in
Windows 2000?
Please find below my smb & nsswitch settings with a certain amount of
"sanitation."
# Global parameters
[global]
workgroup = "my Pre-Windows 2000 Domain Name"
server string = Linux Desktop
security = DOMAIN
password server = "DC List"
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = "wins server ip"
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
winbind separator = +
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[public]
comment = Public Samba Doc
path = /usr/share/doc/samba-3.0alpha22/docs/htmldocs
write list = @admin
guest ok = Yes
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries
you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files winbind
shadow: files
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
WILLIAM M. SHADE
William.shade@redstone.army.mil