That is a very nice write up. Here is
another if you would like it
http://www.section6.net/wiki/index.php/Configuring_Samba3_to_be_a_Windows_Domain_Member
From:
plug-discuss-bounces@lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Luis Villarreal
Sent: Thursday, October 25, 2007
1:18 PM
To: Main PLUG discussion list
Subject: Re: Samba authentication
to Windows PDC?
I know im a little late
to the discussion but this maybe of some help. I used this howto
found at http://xciprox.googlepages.com/winbind.pdf
but I can't remember where i found it, but kudos to the person that wrote it.
It is debian based but im guessing can it be applied to redhat equivalent
values.You actually have to configure a number of things, primarily pam to
allow active directory logons. Then as Dan stated add the
"user+ADGROUP" values to each share in smb.conf.
On 10/22/07, Dan
Lund <situationalawareness@gmail.com
> wrote:
it's my understanding that with winbind you have the capability in the
smb.conf to set allows for an AD group, or a certain user in the AD
group.
i.e. user+ADGROUP
I wrote a document on this for my previous job but I need to dig it
up.. that is, unless someone else wants to elaborate :)
On 10/22/07, Alan Dayley <alandd@consultpros.com>
wrote:
> Goal: Configure Samba on a Linux server to authenticate users against
> the Windows 2003 Server domain controller.
>
> Linux server
> ------------
> - Red Hat
> - Samba 3.02325202
> - Configuration via Webmin or Red Hat configs or command line
> - Root access available
>
> Windows Domain Controller
> -------------------------
> - Active Directory is active, if that matters
> - LDAP service is available (Bugzilla on the Linux server is already
> correctly authenticating via LDAP to the Windows server)
>
> I have, so far, successfully configured Samba to serve up directories
> that are read/writable by all guests or read-only by all
guests. I need
> to configure shares that are writable by only one or a few users and
> read-only to many others. Such restrictions should be based on
the
> Windows domain controller user credentials. (In fact, it would
be great
> to have all user credentials for access on the Linux server be from the
> domain controller.)
>
> I am wading through much documentation on the subject. So far
my
> understanding is too weak to arrive at the result I want. If
anyone has
> any help to share in this regard, I appreciate it.
>
> Alan
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
--
Thanks,
Dan Lund
"The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair."
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss