I want a samba machine to be a member of the domain and authentication the users, but I do not want to use kerberos as authentication and I also want to limit or authentication users from a specific group. Examples of this? -- Jason Gerfen "My girlfriend threated to leave me if I went boarding... I will miss her." ~ DIATRIBE aka FBITKK
Can you be more specific as to what you are looking for? Non-Windows machines can use Samba to join NT or ADS domains without using Kerberos. This is quite normal. Kerberos is an optional feature that takes extra configuration. Once in a domain, you can use the Windows groups to control access to shares. Have you checked out the Samba Howtos and Samba by Example on the samba.org site? Jason Gerfen wrote:> I want a samba machine to be a member of the domain and authentication > the users, but I do not want to use kerberos as authentication and I > also want to limit or authentication users from a specific group. > > Examples of this? >
OK. It looks like you are telling Samba to use Kerberos by putting it in a realm. I believe the trick should be to make your Samba server look like an NT4 server (one that doesn't understand ADS). Then is should be able to join using the pre-ADS protocol. Jason Gerfen wrote:> I have. You see the problem I am having is dealing with some users > using kerberos for authentication once I have joined the machine to > the domain as server = ads. > > I only need to authentication users against active directory for this > particular machine so I set the server = domain and everytime I > attempt to join using net rpc join I recieve errors that the domain is > not valid. > > jason@new-odin:~> testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[odin]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > > # Global parameters > [global] > workgroup = SCL > realm = SCL.DOMAIN > server string = testmachine > security = DOMAIN > update encrypted = Yes > password level = 20 > preferred master = No > domain master = No > idmap uid = 500-500000 > idmap gid = 500-500000 > winbind separator = / > winbind cache time = 5 > winbind use default domain = Yes > winbind nested groups = Yes > > [odin] > comment = ODIN > path = /odin > read only = No > inherit acls = Yes > > > Gary Dale wrote: > >> Can you be more specific as to what you are looking for? >> >> Non-Windows machines can use Samba to join NT or ADS domains without >> using Kerberos. This is quite normal. Kerberos is an optional feature >> that takes extra configuration. >> >> Once in a domain, you can use the Windows groups to control access to >> shares. >> >> Have you checked out the Samba Howtos and Samba by Example on the >> samba.org site? >> >> >> Jason Gerfen wrote: >> >>> I want a samba machine to be a member of the domain and >>> authentication the users, but I do not want to use kerberos as >>> authentication and I also want to limit or authentication users from >>> a specific group. >>> >>> Examples of this? >>> >> > >