I am having a bit of a problem and hope someone on here can help (if it
has been covered already please feel free to point me in the right
direction - I have searched and searched but found nothing!)
Setup:
Linux box : Debian Sarge using Samba 3.0.10-Debian
windows Box : Windows 2003 SBS acting as ADS master.
I ran through the setup instruction and can connect from the linux box
to the windows box (using smbclient -k)
Problems
Using wbinfo -u I get a list of the windows users (but no domain
prepended)
Using wbinfo -g I get a list of the windows groups (again no domain
prepended)
If I try to connect to a samba share (or browse the linux box) from the
windows box I get the authentication dialogue and it won't let me go any
further.
I am unable to assign windows users and groups permissions to files on
the linux box.
Configs:
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EBUYER.SHE
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
EBUYER.SHE = {
kdc = srv2003.ebuyer.she:88
admin_server = srv2003.ebuyer.she:749
default_domain = ebuyer.she
}
[domain_realm]
.ebuyer.she = EBUYER.SHE
ebuyer.she = EBUYER.SHE
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/etc/samba/smb.conf
security = ADS
realm = ebuyer.she
workgroup = EBUYER
server string = Samba Server
encrypt passwords = yes
winbind separator = +
winbind use default domain = yes
password server = 172.16.0.10
printcap name = /etc/printcap
load printers = yes
printing = cups
cups options = raw
log file = /var/log/samba/%m.log
max log size = 5000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote browse sync = 172.16.0.10
remote announce = 172.16.0.10
local master = no
os level = 33
domain master = no
preferred master = no
wins support = no
wins server = 172.16.0.10
dns proxy = yes
preserve case = no
short preserve case = no
default case = lower
case sensitive = no
winbind uid = 10000 - 20000
winbind gid = 10000 - 20000
winbind enum groups = yes
winbind enum users = yes
map to guest = bad user
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
[Profiles]
path = /home/profiles
browseable = no
guest ok = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = no
writable = no
printable = yes
[public]
comment = Public Stuff
path = /home/samba
public = yes
read only = yes
Regards
Phil
--
Phil Foxton
Systems Administrator
Ebuyer (UK) Ltd
201 Woodbourn Road, Sheffield, S9 3LR
Today I am a Sad Fish :-(
On Wed, 2005-03-16 at 14:54 +0530, ankush grover wrote:> On Wed, 16 Mar 2005 08:03:42 +0000, Phil Foxton <pfoxton@ebuyer.com>wrote:> > I am having a bit of a problem and hope someone on here can help (ifit> > has been covered already please feel free to point me in the right > > direction - I have searched and searched but found nothing!)> Hey, > > i don't know what kind of setup you want, I have a setup in my > company consisting of linux and windows pcs.I have created a samba > server (debian) with security = domain and password server = win2k3 > domain server.Before joining the win2k3 domain i created all the > windows users on the samba server but not as samba users but as normal > linux users. >I don't want to have to have the administration over head of creating users on 2 boxes. What I am aiming for is the following: The ADS box acts as DC from the AD, only authenticating users and nothing else. All file and print shares are stored on the linux box, including user profiles etc. Regards Phil -- Phil Foxton Systems Administrator Ebuyer (UK) Ltd 201 Woodbourn Road, Sheffield, S9 3LR