Hi,
We are using freeRADIUS 1.1.6 + samba 3.0.1 + krb5-1.3.2 to talk to
active-directory (win2k3).
We followed:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Now it works.
But there are multiple domains in active-directory.
Can samba or krb5 support multiple domains?
How can krb5.conf and smb.conf be configured to support multiple domains?
Thanks.
John
From roamdad at sonic.net Fri Feb 29 04:30:25 2008
From: roamdad at sonic.net (Douglas VanLeuven)
Date: Fri Feb 29 04:30:59 2008
Subject: Fwd: [Samba] Winbind 3.0.26a cannot authenticate
with ActiveDirectory
In-Reply-To: <47C706C7.2030401@sonic.net>
References: <de7cf2720802221143y113f240bt4e10224663626eed@mail.gmail.com>
<343db6460802221152t406b6aafgf07ab5cf68024dd7@mail.gmail.com>
<de7cf2720802280718u5db5623dr7c671c2d41f45a10@mail.gmail.com>
<de7cf2720802280841q248a1b21ve8592283e5aff9ac@mail.gmail.com>
<47C706C7.2030401@sonic.net>
Message-ID: <47C78A61.6070900@sonic.net>
Douglas VanLeuven wrote:
> Walter Huf wrote:
>> I changed those lines, and nothing seemed to change.
>> However, I remembered more information that I could include.
>> getent passwd does not list domain users, only local users.
Something still looks wrong to me with your pam config. But I checked
the release note archives. 3.0.25 introduced the changes to the idmap
backend.
Here's what I use as the alternative to the old syntax
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = sfu
idmap domains = FOREST
idmap config FOREST:backend = ad
idmap config FOREST:schema_mode = sfu
idmap config FOREST:readonly = yes
idmap config FOREST:range = 200 - 20000
idmap config FOREST:default = yes
idmap alloc backend = tdb
idmap alloc config:range = 50000-50999
There is a document "A new IDMAP subsystem" on the samba website that I
think is more illuminative than the manpages. Thank Simo!
http://www.samba.org/~idra/samba3_newidmap.pdf
Regards, Doug
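
Added example, not part of the original thread: a small Python check for the idmap syntax quoted above. It parses the "idmap config DOMAIN:range" and "idmap alloc config:range" lines, reports ranges that overlap one another, and lists which local UIDs fall inside a mapped range. The sample smb.conf text is reconstructed from the message; the function names and the local UID set used with it are assumptions made for illustration.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines quoted in the message above.
SAMPLE_SMB_CONF = """\
[global]
    idmap domains = FOREST
    idmap config FOREST:backend = ad
    idmap config FOREST:range = 200 - 20000
    idmap alloc backend = tdb
    idmap alloc config:range = 50000-50999
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+(?:config\s+(?P<dom>[^:\s]+)|alloc\s+config)\s*:\s*range"
    r"\s*=\s*(?P<low>\d+)\s*-\s*(?P<high>\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(text):
    """Return {name: (low, high)}; the allocator range is stored as 'alloc'."""
    ranges = {}
    for line in text.splitlines():
        m = RANGE_RE.match(line)  # lines commented out with # or ; never match
        if not m:
            continue
        low, high = int(m["low"]), int(m["high"])
        if low > high:
            raise ValueError(f"inverted range: {line.strip()}")
        ranges[m["dom"] or "alloc"] = (low, high)
    return ranges

def find_overlaps(ranges):
    """Return sorted pairs of names whose ID ranges intersect."""
    return sorted(
        (a, b)
        for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2)
        if ra[0] <= rb[1] and rb[0] <= ra[1]
    )

def local_ids_in_ranges(ranges, local_ids):
    """Return {name: [ids]} for local UIDs/GIDs inside a mapped range."""
    return {
        name: sorted(i for i in local_ids if low <= i <= high)
        for name, (low, high) in ranges.items()
        if any(low <= i <= high for i in local_ids)
    }
```

In practice the local ID set would come from /etc/passwd and /etc/group on the winbind host rather than a literal.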