I am having a bit of a problem and hope someone on here can help (if it has been covered already please feel free to point me in the right direction - I have searched and searched but found nothing!) Setup: Linux box : Debian Sarge using Samba 3.0.10-Debian windows Box : Windows 2003 SBS acting as ADS master. I ran through the setup instruction and can connect from the linux box to the windows box (using smbclient -k) Problems Using wbinfo -u I get a list of the windows users (but no domain prepended) Using wbinfo -g I get a list of the windows groups (again no domain prepended) If I try to connect to a samba share (or browse the linux box) from the windows box I get the authentication dialogue and it won't let me go any further. I am unable to assign windows users and groups permissions to files on the linux box. Configs: /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = EBUYER.SHE dns_lookup_realm = true dns_lookup_kdc = true [realms] EBUYER.SHE = { kdc = srv2003.ebuyer.she:88 admin_server = srv2003.ebuyer.she:749 default_domain = ebuyer.she } [domain_realm] .ebuyer.she = EBUYER.SHE ebuyer.she = EBUYER.SHE [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /etc/samba/smb.conf security = ADS realm = ebuyer.she workgroup = EBUYER server string = Samba Server encrypt passwords = yes winbind separator = + winbind use default domain = yes password server = 172.16.0.10 printcap name = /etc/printcap load printers = yes printing = cups cups options = raw log file = /var/log/samba/%m.log max log size = 5000 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote browse sync = 172.16.0.10 remote announce = 172.16.0.10 local master = no os level = 33 domain master = no preferred master = no wins support = no wins server = 172.16.0.10 dns proxy = yes preserve case = no short preserve case = no default case = lower case sensitive = no winbind uid = 10000 - 20000 winbind gid = 10000 - 20000 winbind enum groups = yes winbind enum users = yes map to guest = bad user [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no [Profiles] path = /home/profiles browseable = no guest ok = yes [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = no writable = no printable = yes [public] comment = Public Stuff path = /home/samba public = yes read only = yes Regards Phil -- Phil Foxton Systems Administrator Ebuyer (UK) Ltd 201 Woodbourn Road, Sheffield, S9 3LR Today I am a Sad Fish :-(
On Wed, 2005-03-16 at 14:54 +0530, ankush grover wrote:> On Wed, 16 Mar 2005 08:03:42 +0000, Phil Foxton <pfoxton@ebuyer.com>wrote:> > I am having a bit of a problem and hope someone on here can help (ifit> > has been covered already please feel free to point me in the right > > direction - I have searched and searched but found nothing!)> Hey, > > i don't know what kind of setup you want, I have a setup in my > company consisting of linux and windows pcs.I have created a samba > server (debian) with security = domain and password server = win2k3 > domain server.Before joining the win2k3 domain i created all the > windows users on the samba server but not as samba users but as normal > linux users. >I don't want to have to have the administration over head of creating users on 2 boxes. What I am aiming for is the following: The ADS box acts as DC from the AD, only authenticating users and nothing else. All file and print shares are stored on the linux box, including user profiles etc. Regards Phil -- Phil Foxton Systems Administrator Ebuyer (UK) Ltd 201 Woodbourn Road, Sheffield, S9 3LR