I've been trying for a few days to get a samba server 3.0.13 to work as
an adition to some servers inside a Active Directory domain (windows
2003) servers.
My first problem is that wbinfo_group.pl does not work anymore after SP1
update to windows domain controllers, it is not capable of getting sig
for the group.
Second pb. I managed to get access for windows workstations to the samba
server according to the authentication from Active Directory. Managing
rights from the Security tab of a windows station does not work. I got
"inherit acl = yes" and "nt acl support = yes", so kerberos auth. is
working.
Third and last pb.
I get authentication only after caching with wbinfo -u and wbinfo -g.
There goes my smb.conf:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2005-04-04
[global]
workgroup = bogus workgroup name
username map = /etc/samba/smbusers
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
local master = No
os level = 65
preferred master = No
realm = BOGUS.BOGUS
encrypt passwords = Yes
client signing = Yes
server signing = Yes
security = ADS
password server = bogus-adserver
winbind use default domain = Yes
winbind cache time = 6000
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
winbind enable local accounts = yes
client use spnego = Yes
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
[public]
comment = Test area
path = /samba
inherit acls = Yes
writeable = Yes
browseable = Yes
net acl support = Yes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
|