
Re: [Samba] Samba and active Directory

From: Dimitri Yioulos <dyioulos_at_nospam>
Date: Fri May 14 2010 - 15:28:05 GMT
To: samba@lists.samba.org

On Friday 14 May 2010 5:11:20 am Andreas Hubert wrote:
> hi all,
>
> yes the good old topic where most people have a
> problem with :)
>
> I have a Windows 2003 Active Directory Server
> and want that users on this directory are able
> to login on a Samba Share. The authentication
> with wbinfo -a user%password works and I
> already joined the domain with
> net ads join
> I am also able to authenticate as directory
> user with his directory password, BUT only if
> this username also exists in the /etc/passwd
> file. Users whose username is not in the local
> passwd file cannot login. I use samba Version
> 3.0.37 on Solaris 10, here is my smb.conf:
>
> [global]
> workgroup = ABC
> realm = ABC.DE
> server string = Samba Server
> security = ADS
> map to guest = Bad User
> password server = ABCDC01.abc.de ABCDC02.abc.de
> use kerberos keytab = Yes
> log file = /var/log/samba/log.%m
> max log size = 50
> time server = Yes
> os level = 65
> local master = No
> domain master = No
> wins support = Yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind separator = +
> winbind use default domain = Yes
>
> [test]
> comment = test
> path = /test
>
> read only = No
>
> The user ABC+corpus also exists locally and I
> am able to logon with his Directory password on
> the share, but not with the user ABC+ahu. If I
> just do
> useradd ahu
> I am able to logon with this user!
> What am I doing wrong? I also want that users
> from the directory will be mapped to the local
> user corpus from the access rights and would do
> this with "force user = corpus" on the share,
> would this be right?
>
> Thanks for any help
>
>

Firstly, did you configure Kerberos properly?
Nextly, and I could be wrong on this, but I think
you need to change:

valid users = ABC+corpus, ABC+ahu

to:

valid users = "@ABC+corpus" "@ABC+ahu"

Dimitri
