Samba authentication to Windows PDC?
Bryan O'Neal
BONeal at cornerstonehome.com
Thu Oct 25 20:02:22 MST 2007
I configured my Samba server to participate in the domain using Kerberos
& winbind. I then set the shares as read/writable to large groups and
set my Linux ALC permissions on the files for specific Windows users or
groups. I can even set the permissions using the Windows Explorer
Security GUI.
I helped a couple of people do this but I could not get Hans's set up to
work, but I have had some good success with it. There are a few small
bugs, but nothing that has made me move up to OpenAFS or format the box
as a windows system :)
-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Dan
Lund
Sent: Monday, October 22, 2007 12:23 PM
To: Main PLUG discussion list
Subject: Re: Samba authentication to Windows PDC?
it's my understanding that with winbind you have the capability in the
smb.conf to set allows for an AD group, or a certain user in the AD
group.
i.e. user+ADGROUP
I wrote a document on this for my previous job but I need to dig it
up.. that is, unless someone else wants to elaborate :)
On 10/22/07, Alan Dayley <alandd at consultpros.com> wrote:
> Goal: Configure Samba on a Linux server to authenticate users against
> the Windows 2003 Server domain controller.
>
> Linux server
> ------------
> - Red Hat Enterprise Linux 5
> - Samba 3.02325202
> - Configuration via Webmin or Red Hat configs or command line
> - Root access available
>
> Windows Domain Controller
> -------------------------
> - Active Directory is active, if that matters
> - LDAP service is available (Bugzilla on the Linux server is already
> correctly authenticating via LDAP to the Windows server)
>
> I have, so far, successfully configured Samba to serve up directories
> that are read/writable by all guests or read-only by all guests. I
need
> to configure shares that are writable by only one or a few users and
> read-only to many others. Such restrictions should be based on the
> Windows domain controller user credentials. (In fact, it would be
great
> to have all user credentials for access on the Linux server be from
the
> domain controller.)
>
> I am wading through much documentation on the subject. So far my
> understanding is too weak to arrive at the result I want. If anyone
has
> any help to share in this regard, I appreciate it.
>
> Alan
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
--
Thanks,
Dan Lund
"The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair."
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list