RE: Samba authentication to Windows PDC?

Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: RE: Samba authentication to Windows PDC?
I configured my Samba server to participate in the domain using Kerberos
& winbind. I then set the shares as read/writable to large groups and
set my Linux ACL permissions on the files for specific Windows users or
groups. I can even set the permissions using the Windows Explorer
Security GUI.

I helped a couple of people do this but I could not get Hans's setup to
work, but I have had some good success with it. There are a few small
bugs, but nothing that has made me move up to OpenAFS or format the box
as a Windows system :)

-----Original Message-----
From:
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Dan
Lund
Sent: Monday, October 22, 2007 12:23 PM
To: Main PLUG discussion list
Subject: Re: Samba authentication to Windows PDC?

It's my understanding that with winbind you have the capability in the
smb.conf to set allows for an AD group, or a certain user in the AD
group.

i.e. user+ADGROUP

I wrote a document on this for my previous job but I need to dig it
up.. that is, unless someone else wants to elaborate :)




On 10/22/07, Alan Dayley <> wrote:
> Goal: Configure Samba on a Linux server to authenticate users against
> the Windows 2003 Server domain controller.
>
> Linux server
> ------------
> - Red Hat Enterprise Linux 5
> - Samba 3.02325202
> - Configuration via Webmin or Red Hat configs or command line
> - Root access available
>
> Windows Domain Controller
> -------------------------
> - Active Directory is active, if that matters
> - LDAP service is available (Bugzilla on the Linux server is already
> correctly authenticating via LDAP to the Windows server)
>
> I have, so far, successfully configured Samba to serve up directories
> that are read/writable by all guests or read-only by all guests. I need
> to configure shares that are writable by only one or a few users and
> read-only to many others. Such restrictions should be based on the
> Windows domain controller user credentials. (In fact, it would be great
> to have all user credentials for access on the Linux server be from the
> domain controller.)
>
> I am wading through much documentation on the subject. So far my
> understanding is too weak to arrive at the result I want. If anyone has
> any help to share in this regard, I appreciate it.
>
> Alan
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>



--
Thanks,
Dan Lund

"The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair."
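
An added example, not taken from the thread or from any poster's configuration: one smb.conf layout for the goal in the original question (a share writable by a few domain users and read-only to many others, with no guest access), using the Kerberos and winbind domain membership described in the reply. It assumes Samba 3.0.x syntax; the domain EXAMPLE, realm EXAMPLE.LOCAL, the share path and the group names are placeholders.

```ini
# Added example. EXAMPLE, EXAMPLE.LOCAL, /srv/samba/projects and the
# proj-* group names are placeholders, not values from the thread.
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    # Domain member using Kerberos; the server is joined afterwards
    # with "net ads join" run by an account allowed to add machines.
    security = ads

    # winbind maps domain users and groups into these local id ranges
    # (Samba 3.0.x parameter names). Keep the ranges clear of local accounts.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    # Keep the DOMAIN\ prefix so a local account can never shadow a domain one
    winbind use default domain = no

    # Failed logons are rejected, never silently mapped to the guest account
    map to guest = Never

[projects]
    path = /srv/samba/projects
    guest ok = no

    # Only members of these two domain groups may connect at all
    valid users = @"EXAMPLE\proj-readers", @"EXAMPLE\proj-writers"

    # Read-only by default; write access is granted to one small group
    read only = yes
    write list = @"EXAMPLE\proj-writers"

    # Needed for the other approach in the thread: per-file ACLs set from
    # the Windows Security tab are stored as POSIX ACLs, so the filesystem
    # must be mounted with ACL support.
    nt acl support = yes
    inherit acls = yes
```

Share-level settings and filesystem permissions both apply, and the more restrictive one wins, so a user in `write list` still needs write permission on the files themselves. Running `testparm` after editing catches misspelled parameters before smbd is restarted.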