Samba authentication to Windows PDC?
Luis Villarreal
xciprox at gmail.com
Thu Oct 25 13:18:14 MST 2007
I know im a little late to the discussion but this maybe of some help. I
used this howto
found at http://xciprox.googlepages.com/winbind.pdf but I can't remember
where i found it, but kudos to the person that wrote it. It is debian based
but im guessing can it be applied to redhat equivalent values.You actually
have to configure a number of things, primarily pam to allow active
directory logons. Then as Dan stated add the "user+ADGROUP" values to each
share in smb.conf.
On 10/22/07, Dan Lund <situationalawareness at gmail.com> wrote:
>
> it's my understanding that with winbind you have the capability in the
> smb.conf to set allows for an AD group, or a certain user in the AD
> group.
>
> i.e. user+ADGROUP
>
> I wrote a document on this for my previous job but I need to dig it
> up.. that is, unless someone else wants to elaborate :)
>
>
>
>
> On 10/22/07, Alan Dayley <alandd at consultpros.com> wrote:
> > Goal: Configure Samba on a Linux server to authenticate users against
> > the Windows 2003 Server domain controller.
> >
> > Linux server
> > ------------
> > - Red Hat Enterprise Linux 5
> > - Samba 3.02325202
> > - Configuration via Webmin or Red Hat configs or command line
> > - Root access available
> >
> > Windows Domain Controller
> > -------------------------
> > - Active Directory is active, if that matters
> > - LDAP service is available (Bugzilla on the Linux server is already
> > correctly authenticating via LDAP to the Windows server)
> >
> > I have, so far, successfully configured Samba to serve up directories
> > that are read/writable by all guests or read-only by all guests. I need
> > to configure shares that are writable by only one or a few users and
> > read-only to many others. Such restrictions should be based on the
> > Windows domain controller user credentials. (In fact, it would be great
> > to have all user credentials for access on the Linux server be from the
> > domain controller.)
> >
> > I am wading through much documentation on the subject. So far my
> > understanding is too weak to arrive at the result I want. If anyone has
> > any help to share in this regard, I appreciate it.
> >
> > Alan
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
>
>
> --
> Thanks,
> Dan Lund
>
> "The major difference between a thing that might go wrong and a thing
> that cannot possibly go wrong is that when a thing that cannot
> possibly go wrong goes wrong it usually turns out to be impossible to
> get at or repair."
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20071025/84df629b/attachment.htm
More information about the PLUG-discuss
mailing list