[NTLUG:Discuss] Samba server + AD domain
. Daniel
xdesign at hotmail.com
Fri May 4 12:57:30 CDT 2007
I took a 'shortcut' in that since I am running CentOS, a RedHat clone, I
ran "authconfig-tui" and was presented with a text menu that allowed me the
following options:
[*] Cache Information   [*] Use MD5 Passwords
[ ] Use Hesiod          [*] Use Shadow Passwords
[ ] Use LDAP            [ ] Use LDAP Authentication
[ ] Use NIS             [*] Use Kerberos
[*] Use Winbind         [*] Use SMB Authentication
                        [*] Use Winbind Authentication
                        [ ] Local authorization is sufficient
Well, the options listed above are what I had set afterward. Prior to
this, only Cache, MD5, Shadow and SMB options were enabled. After I made
the change you see above, and kept all other things the same, I was able to
"ssh" into the box and log in using my active directory domain user
account. (I have not yet set it up to create a home directory or any of
that stuff... don't think I need to.)
But my problem with setting up a SMB share persists. I can now see the
shares (something I wasn't able to do before) and I can select the printers
share without errors coming back to me. But I cannot access the "html"
share I want made available.
So here is my current smb.conf:
--------------------------------
[global]
workgroup = ADOMAIN
realm = ADOMAIN.COM
security = ads
encrypt passwords = yes
idmap backend = ad
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
auth methods = winbind
winbind enum users = yes
winbind enum groups = yes
winbind trusted domains only = no
winbind use default domain = false
winbind refresh tickets = yes
log file = /var/log/samba/%m.log
map acl inherit = yes
nt acl support = yes
dns proxy = no
netbios name = LINUX
cups options = raw
writeable = yes
server string = Intranet Samba Server
password server = adcentral
os level = 20
max log size = 50
[printers]
printable = yes
[html]
valid users = dhauck,@"Domain Admins",@"Domain Users",@all
path = /var/www/html
----------------------------
I'm thinking I'm just down to a share permissions thing maybe. The error
Windows gives me is "\\linux\\html is not accessible. You might not have
permission to use this network resource. Contact the administrator of this
server to find out if you have access permissions. Access is denied. [OK]"
And during this instance, the following log files changed:
192.168.3.94.log, log.winbindd-idmap, and winbindd.log
Those files updated as follows:
[192.168.3.94.log]
[2007/05/04 12:43:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
Username ADOMAIN\VOYAGER$ is invalid on this system
(VOYAGER is the name of the machine from which I am operating)
[log.winbindd-idmap]
[2007/05/04 12:43:01, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(309)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'uidNumber'
[2007/05/04 12:43:01, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(309)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'uidNumber'
[2007/05/04 12:43:01, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(309)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'uidNumber'
[2007/05/04 12:43:01, 1] sam/idmap_ad.c:ad_idmap_get_id_from_sid(309)
ad_idmap_get_id_from_sid: ads_pull_uint32: could not read attribute
'uidNumber'
[winbindd.log]
[2007/05/04 12:43:01, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
group Domain Admins in domain LINUX does not exist
[2007/05/04 12:43:01, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
group Domain Users in domain LINUX does not exist
[2007/05/04 12:43:01, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
group all in domain LINUX does not exist
[2007/05/04 12:43:01, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
group Domain Admins in domain LINUX does not exist
[2007/05/04 12:43:01, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
group Domain Users in domain LINUX does not exist
[2007/05/04 12:43:01, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(259)
group all in domain LINUX does not exist
I think it's safe to say I still have more than one thing wrong here. If
anyone has any ideas, please?
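The winbindd.log entries in the message show the group names from "valid users" being looked up in domain LINUX. As an added example (not part of the original message), this Python check lists the "valid users" entries that carry no DOMAIN\ prefix while "winbind use default domain" is off; the trimmed sample config, the default backslash winbind separator and the function names are assumptions.

```python
import configparser
import shlex

# Constructed sample: only the relevant lines of the smb.conf quoted in the post.
SMB_CONF = r'''
[global]
workgroup = ADOMAIN
winbind use default domain = false
[html]
valid users = dhauck,@"Domain Admins",@"Domain Users",@all
path = /var/www/html
'''

FALSE_VALUES = {"false", "no", "0"}


def split_names(value):
    """Split a 'valid users' list on commas/whitespace, honouring double quotes."""
    lexer = shlex.shlex(value, posix=True)
    lexer.whitespace += ","
    lexer.whitespace_split = True
    lexer.escape = ""       # keep the backslash in DOMAIN\name intact
    lexer.commenters = ""   # '#' has no special meaning inside the list
    return list(lexer)


def unqualified_names(conf_text):
    """Return {share: [names]} for 'valid users' entries lacking a DOMAIN\\ prefix."""
    cp = configparser.ConfigParser(interpolation=None)  # smb.conf uses % macros
    cp.read_string(conf_text)
    setting = cp.get("global", "winbind use default domain", fallback="no")
    if setting.strip().lower() not in FALSE_VALUES:
        # Assumption: with the option on, winbind resolves bare names in its own domain.
        return {}
    findings = {}
    for share in cp.sections():
        if share == "global" or not cp.has_option(share, "valid users"):
            continue
        # Assumption: the winbind separator is the default backslash.
        bare = [n for n in split_names(cp.get(share, "valid users")) if "\\" not in n]
        if bare:
            findings[share] = bare
    return findings


if __name__ == "__main__":
    for share, names in unqualified_names(SMB_CONF).items():
        print(f"[{share}] names without a domain prefix: {names}")
```
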