That is a very nice write up. Here is another if you would like it http://www.section6.net/wiki/index.php/Configuring_Samba3_to_be_a_Window s_Domain_Member ________________________________ From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Luis Villarreal Sent: Thursday, October 25, 2007 1:18 PM To: Main PLUG discussion list Subject: Re: Samba authentication to Windows PDC? I know im a little late to the discussion but this maybe of some help. I used this howto found at http://xciprox.googlepages.com/winbind.pdf but I can't remember where i found it, but kudos to the person that wrote it. It is debian based but im guessing can it be applied to redhat equivalent values.You actually have to configure a number of things, primarily pam to allow active directory logons. Then as Dan stated add the "user+ADGROUP" values to each share in smb.conf. On 10/22/07, Dan Lund wrote: it's my understanding that with winbind you have the capability in the smb.conf to set allows for an AD group, or a certain user in the AD group. i.e. user+ADGROUP I wrote a document on this for my previous job but I need to dig it up.. that is, unless someone else wants to elaborate :) On 10/22/07, Alan Dayley wrote: > Goal: Configure Samba on a Linux server to authenticate users against > the Windows 2003 Server domain controller. > > Linux server > ------------ > - Red Hat Enterprise Linux 5 > - Samba 3.02325202 > - Configuration via Webmin or Red Hat configs or command line > - Root access available > > Windows Domain Controller > ------------------------- > - Active Directory is active, if that matters > - LDAP service is available (Bugzilla on the Linux server is already > correctly authenticating via LDAP to the Windows server) > > I have, so far, successfully configured Samba to serve up directories > that are read/writable by all guests or read-only by all guests. I need > to configure shares that are writable by only one or a few users and > read-only to many others. Such restrictions should be based on the > Windows domain controller user credentials. (In fact, it would be great > to have all user credentials for access on the Linux server be from the > domain controller.) > > I am wading through much documentation on the subject. So far my > understanding is too weak to arrive at the result I want. If anyone has > any help to share in this regard, I appreciate it. > > Alan > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > -- Thanks, Dan Lund "The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair." --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss