I apologize if you received this twice. I received an error after my
first email.......
Trying to get Samba working with Active Directory and ACL's on an OS X
(Tiger) server. So far it hasn't been too easy. We were able to
finally recompile version 3.014 with ACL's on the server. Now we are
stuck trying to get AD integration to work. Ideally, we would like it
set up so that the OS X file server knows and uses all of the users
and groups from Active Directory without having to create our own
mapping file (does that make sense?). All of the clients are Win XP.
As of right now, the file server has been able to join the domain.
Issuing a wbinfo -u or wbinfo -g gives the expected output. Now,
whenever I try to log into the system using my AD credentials, I see
this in the log.smbd file:
Username DOMAIN\MFLATLEY$ is invalid on this system
Here is the Global section of our smb.conf file:
[global]
workgroup = DOMAINNY
display charset = UTF-8-MAC
unix charset = UTF-8-MAC
dos charset = CP437
realm = DOMAIN.ORG
encrypt passwords = yes
password server = adserv2
map acl inherit = yes
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = ADS
client ntlmv2 auth = yes
wins support = no
wins server = 10.0.11.17
guest account = unknown
allow trusted domains = no
netbios name = osx-fileserv2
max smbd processes = 0
server string = Mac OS X
local master = no
domain master = no
map to guest = Never
defer sharing violations = no
log level = 1
use spnego = yes
passdb backend = ldapsam smbpasswd
auth methods = guest opendirectory
username map = /etc/samba/private/smbusers
idmap uid = 10000-65000
idmap gid = 10000-65000
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes
template primary group = "Domain Users"
Can anybody help us out with this?
Thanks!
mike
