This is the config I use:
Samba Homedirectory - Wiki
The security settings come from the AD groups/users
I heard some people mention they used Samba for their file servers seamlessly in their Windows domains.
Just wondered if anyone can give me any tips, mainly on which security they use.
Is it best to try and incorporate Active Directory security with Linux, or do you just use Samba security?
We now have a half-dozen or so file servers running Samba. They all work very well, however I've come across an issue trying to mount home directories from another Linux machine, as detailed at the end of that thread above. I couldn't get our LTSP server to log users on when using Samba authentication, so I switched to using Likewise-Open for AD integration. This works fine, but now I can't get the UID on the two machines to match up - I'll have to re-install the file server using Likewise-Open instead of Samba. This probably won't be an issue in your environment unless you're using LTSP thin clients too, but you might want to use the RID backend for UID assignment just for a spot of future-proofing.
Exactly what dhicks said. The syntax for rid mapping is:
idmap uid = 70000-1000000
idmap gid = 70000-1000000
idmap backend = rid:"EXAMPLE=70000-1000000"
Where EXAMPLE is the short domain name. It will then use 70000 + the last four digits of the user's SID.
This is how I did it: Ubuntu 10.04 Active Directory Authentication | Run Level 3
A few other things I tweaked were the following settings:
winbind cache time = 60 <- default is 300, so if you add an AD user, it won't show up for 5 mins on the Linux server.
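The RID mapping discussed above, as an added example that is not part of any post in this thread: it models the formula documented for Samba's idmap_rid backend (ID = RID - BASE_RID + LOW_RANGE_ID) with the 70000-1000000 range from the config. The domain SID, the RIDs, the function names and the base_rid default of 0 are assumptions made for the illustration.

```python
# Added example (not from the thread): models the formula documented for
# Samba's idmap_rid backend, ID = RID - BASE_RID + LOW_RANGE_ID.
LOW_ID, HIGH_ID = 70000, 1000000   # range from the config in the thread
BASE_RID = 0                        # assumption: idmap_rid default base_rid
# Constructed sample domain SID, not a real domain.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def rid_from_sid(sid):
    """Return the RID (last sub-authority) of a textual SID."""
    parts = sid.strip().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a valid SID: {sid!r}")
    return int(parts[-1])


def sid_to_unix_id(sid, domain_sid=DOMAIN_SID, low=LOW_ID, high=HIGH_ID,
                   base_rid=BASE_RID):
    """Map a domain SID to a uid/gid, or None when it cannot be mapped."""
    rid = rid_from_sid(sid)
    if sid.strip().rsplit("-", 1)[0] != domain_sid:
        return None            # SID belongs to another domain
    if rid < base_rid:
        return None
    unix_id = rid - base_rid + low
    return unix_id if unix_id <= high else None   # never spill past the range


if __name__ == "__main__":
    user = DOMAIN_SID + "-1105"            # constructed user SID
    print("file server:", sid_to_unix_id(user))
    print("LTSP server, same range:", sid_to_unix_id(user))
    # A different range on one host gives a different uid for the same user,
    # so ownership on shared home directories no longer lines up.
    print("host with another range:", sid_to_unix_id(user, low=10000, high=99999))
    print("RID beyond range:", sid_to_unix_id(DOMAIN_SID + "-930001"))
```

Because the result depends only on the SID and the configured range, every host that uses the same range derives the same uid for a given AD account without sharing any mapping database.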
I was trying to work through this:
But I fell at the first hurdle, which always seems to be the case with these Linux tutorials.
kadmin -p admin/admin
Authenticating as principal admin/admin with password.
kadmin: Client not found in Kerberos database while initializing kadmin interface
I then proceeded to spend rest of day looking at other tutorials that had me:
kadmin.local -q "addprinc admin/admin"
all sorts of stuff basically.
But am now going to have a look at this other one on notrainers.
apt-get install samba smbclient winbind krb5-doc krb5-user krb5-config
at the command line, and it pretty much configured itself.
Let me know if you have any difficulties with that notrainers guide and I'll update it accordingly.
Made some slight progress with getting Samba and AD to work together.
When I restart machine, I have to restart some services after I ssh back into Linux: krb5-admin-server and krb5-kdc
Then I have to rejoin: net ads join -u Administrator
I then get wbinfo -g and wbinfo -u to work
I am not sure then what to do.
I don't seem to be able to log into ssh using AD accounts, and I wasn't able to use a UNC path to Samba with an AD account's credentials either.
What's my next step, anyone?
Yes, I have that line in there.
I may have configured the home directory section incorrectly; I used the Samba homedirectory wiki, which may be a little convoluted for me.
Have you got a simple home example I could maybe use for testing?
I still cannot log on with ssh or via UNC \\servername\. Not sure if I am using the correct format for a username though; tried username, firstname.lastname@example.org, username+fqdn.co.uk, username+netbios, etc.
I have another issue: it appears that if I leave the machine for a period of time I seem to lose my connection to AD.
I then receive:
[2010/06/25 10:26:44, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Invalid credentials
after I try the sudo net ads join -U Administrator command.
I try and run
One more afterthought...
I seem to have problems with none of the users being able to access their My Documents at the moment, on the network.
Could this be related to the hacking around with Linux and Samba I have been doing?
Just rebooting the DC with my fingers crossed.