hello,
I keep gettiing a login prompt when I try to access shares on my newly
created samba server. I am trying to use ad/rid (the best option if you
want multiple samba servers in your environment?) wbinfo -a
DOMAIN/mylogin%password authenticates correctly. wbinfo -u and wbinfo
-g shows my groups and users fine. Do I need winbind uid/gid as well as
idmap uid/gid? Do I need auth method? Should I use idmap backend = ad
instead? Do I need pam support? I am really confused about what the
right setup is now with samba.
My smb.conf has:
[global]
workgroup = DOMAIN
netbios name = svcanimp
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-200000
idmap gid = 10000-200000
#idmap backend = ad
idmap backend = idmap_rid:DOMAIN=10000-200000
use kerberos keytab = yes
# os level = 65
winbind enum users = yes
winbind enum groups = yes
#winbind use default domain = yes
#winbind uid = 10000-200000
#winbind gid = 10000-200000
winbind separator = /
encrypt passwords = yes
server string = User management Server
security = ADS
#security = domain
realm = DOMAIN.COM
password server = ad.domain.com
preferred master = no
log file = /usr/local/samba/var/log.%m
log level = 10
#hosts allow = 10.69. 127.0.
max log size = 50
local master = No
dns proxy = No
wins server = wins02 wins03
wins proxy = no
name resolve order = hosts wins lmhosts bcast
aio read size = 1
aio write size = 1
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
#acl group control = yes
#inherit permissions = Yes
#inherit acls = Yes
invalid users = root
#auth methods = winbind
#username map = /usr/local/samba/lib/username.map
[homes]
valid users = %S
browseable = No
read only = No
David Shapiro
Unix Team Lead
919-765-2011