Don’t worry, I know - that title probably makes this question seem way more complicated than it actually is. Here’s the situation:
I have a server running SLES10 with a samba share set up on it. I created a username in Samba and Linux for myself, can access the share, permissions are fine, yadda yadda. Now I want to give about 100 more people access to it.
I have active directory running which users log into and I’d like them to be able to use their active directory passwords to authenticate to the share, rather than have me create 100 individual Samba/Linux accounts.
In the future the AD server will be changing over to server 2008 but I’ll cross that bridge when I get there.
It would be equally effective if I could pull AD passwords from AD and “auto-create” the associated Linux/Samba users.
Any ideas or could someone point in the right direction?
Use the password server line on the smb.conf file, see man smb.conf
password server (G)
By specifying the name of another SMB server or Active
Directory domain controller with this option, and using
security = [ads|domain|server] it is possible to get Samba to
do all its username/password validation using a
specific remote server.
VampirD
No in elenath hîlar nan hâd gîn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
On Mon February 15 2010 11:56 am, ThePistonDoctor wrote:
>
> Don’t worry, I know - that title probably makes this question seem way
> more complicated than it actually is. Here’s the situation:
>
> I have a server running SLES10 with a samba share set up on it. I
> created a username in Samba and Linux for myself, can access the share,
> permissions are fine, yadda yadda. Now I want to give about 100 more
> people access to it.
>
> I have active directory running which users log into and I’d like them
> to be able to use their active directory passwords to authenticate to
> the share, rather than have me create 100 individual Samba/Linux
> accounts.
>
> In the future the AD server will be changing over to server 2008 but
> I’ll cross that bridge when I get there.
>
> It would be equally effective if I could pull AD passwords from AD and
> “auto-create” the associated Linux/Samba users.
>
> Any ideas or could someone point in the right direction?
>
> Thanks!
>
ThePistonDoctor;
This is the OpenSuse forum for the free version of SuSE. Although someone
here might know the answer to your question, I think you would be more likely
to get a solution if you posted on the Novel SLES forum located here:
I have one SAMBA server configure to use the AD server as password
server, I use the default smb.conf and add the line that say on the man
pages, verify if you don’t have a firewall problem, on openSuSE allow
the SAMBA server and client on the firewall, and allow connections from
the SAMBA PC on the win2k3
VampirD
No in elenath hîlar nan hâd gîn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
With Samba-2 (shipped with SLES10), we are able to get share access controlled by individual ad accounts as well as ad group membership. Remember to set ACL on the directory’s share exactly as it is set in smb.conf (this is my 2 cents…)
With Samba-3, the version shipped with latest SUSEs, share access controlled by ad group membership IS BROKEN… only individual ad accounts pass throug.