Samba Admins:
This is my second post on this matter so my apologies for redundant
requests for help. My first request yielded only one response which did
not solve my current problem.
Background:
We have been using Samba on Linux (Redhat) for several years to access
shares on Sun servers. The Sun environment uses NIS/NFS for user
accounts and sharing (mounting) remote file systems. Accessing the Sun
shares was transparent for the users. They were able to map the drives
using the standard \\server\share syntax and Samba would mount based on
the appropriate permissions. The Samba server was a domain member
server. I used a map file to map UNIX usernames to Windows usernames if
they were not the same. I was not running winbind. I believe the
Windows environment was Windows 2003 in mixed mode (I'm not a Windows
Domain Admin).
So, in short, the user would map to the Samba server, which, in turn,
would NFS mount the requested share providing the user credentials and
permissions were correct.
The configuration was Redhat 9 running Samba 3.0.1-2.
Now, we are moving to a Windows 2008 Active Directory backend. Doing so
disabled Samba's ability to authenticate the users in Active Directory.
To get back to operation, I set up an OpenSuse 11.4 box running Samba
3.5.7-1.17 so it can talk to AD. However, we are running with mixed
success. Users are able to connect to shares but have to enter
username/password (some can't connect at all). I need Samba to work as
before so connecting to shares is transparent. Also, we are running in
Windows 2003 AD native mode. Going forward, I will need Samba to run in
Windows 2008 AD mode.
I have tried many configurations and have done much reading on the
options in smb.conf, use or not use winbind, reviewed the Samba By
Example documentation on the Samba website, etc.
The OpenSuse box is running in AD as a member server no problem. The
issue is authentication with, or between, NIS and Active Directory. I am
hoping someone who has a similar environment can provide assistance (Sun
NIS/NFS, Samba 3, Windows 2003/2008 AD).
My old smb.conf looks something like this:
# Global parameters
[global]
workgroup = MYWORKGROUP
netbios name = SAMBASERVER
server string = SAMBASERVER
security = DOMAIN
encrypt passwords = Yes
obey pam restrictions = Yes
password server = *
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /packages/smbmap/smbnames
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = IP ADDRESS
printing = cups
My current smb.conf looks like this:
[global]
workgroup = MYWORKGROUP
realm = MYWORKGROUP.COMPANY.COM
server string = SAMBASERVER
security = ADS
map to guest = Bad User
null passwords = Yes
obey pam restrictions = Yes
passdb backend = smbpasswd
username map = /packages/smbmap/smbnames
unix password sync = Yes
client NTLMv2 auth = Yes
log level = 3
log file = /var/log/samba/%m.log
max log size = 0
printcap name = cups
domain master = No
wins server = IP ADDRESS
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind refresh tickets = Yes
cups options = raw
I'm running Winbind now, wasn't before. So I'm also using the smbpasswd
file to map users. Wasn't using this before either.
Thanks
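
An added example, not part of the original post: a small Python check that reads smb.conf the way Samba does (case- and whitespace-insensitive names, backslash continuations) and reports the access-related settings that appear in the current configuration above. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: selected [global] lines from the current smb.conf above.
SAMPLE = """\
[global]
security = ADS
map to guest = Bad User
null passwords = Yes
log level = 3
max log size = 0
"""

def norm(name):
    # Samba ignores case and all whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    text = re.sub(r"\\\r?\n", "", text)        # trailing backslash continues a line
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":         # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)    # only the first '=' is significant
            conf[section][norm(name)] = value.strip()
    return conf

def audit_global(conf):
    """Return (parameter, note) findings for the [global] section."""
    g, findings = conf.get("global", {}), []
    if g.get("maptoguest", "").lower() == "bad user":
        findings.append(("map to guest", "logins for unknown usernames become guest sessions"))
    if g.get("nullpasswords", "").lower() in ("yes", "true", "1"):
        findings.append(("null passwords", "accounts with an empty password may connect"))
    if g.get("maxlogsize") == "0":
        findings.append(("max log size", "0 means no size limit on log files"))
    return findings

if __name__ == "__main__":
    for param, note in audit_global(parse_smb_conf(SAMPLE)):
        print(f"{param}: {note}")
```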