Rhiannon.Henning@sungard.com
2006-Nov-02 16:53 UTC
[samba] configuring smb, winbind, kerberos & password snych
I am running RHEL ES ver 4 and thus far have got basic samba functionality. I have setup public shares and printers for users to access. It works as long as they authenticating against the local samba database. My goal is to have users pass their windows credentials along to samba and map shares to each user based upon their group id, (sales, accounting, IT, etc.) I am a little confused as to how I should configure both Winbind and Kerberos. There is a GUI associated with /usr/bin/system-config-authentication. There are two tabs, one for user information, and one for authentication. The GUI gives the option to configure Winbind for both user info and authentication. The samba documentation I have read seems to be written for those who only have one domain and one DC to work with. The samba server is setup on a separate domain than our users. There is a trust between the domains that allows users to access resources housed on the servers residing on the other domain. I am guessing that I should configure Winbind for the domain, where my users are at? Also under the authentication tab are configs for SMB and Kerberos. At this point I am not sure if I should configure any of them for the domain that samba is joined to. Presently, we are using a retired version of NetWare and had to manually enter users into the database and create groups for them there. I would like to avoid this if possible. Thanks for your help, Rhiannon Henning Confidentiality Notice: This email transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the e-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this e-mail is strictly prohibited. If you have received this e-mail transmission in error, please reply to the sender, so that arrangements can be made for proper delivery, and then please delete the message from your in-box.