Samba, XP, Server 2K3/8 and AD

Don’t worry, I know - that title probably makes this question seem way more complicated than it actually is. Here’s the situation:

I have a server running SLES10 with a samba share set up on it. I created a username in Samba and Linux for myself, can access the share, permissions are fine, yadda yadda. Now I want to give about 100 more people access to it.

I have active directory running which users log into and I’d like them to be able to use their active directory passwords to authenticate to the share, rather than have me create 100 individual Samba/Linux accounts.

In the future the AD server will be changing over to server 2008 but I’ll cross that bridge when I get there.

It would be equally effective if I could pull AD passwords from AD and “auto-create” the associated Linux/Samba users.

Any ideas or could someone point in the right direction?

Thanks!

Use the password server line on the smb.conf file, see man smb.conf

password server (G)

By specifying the name of another SMB server or Active
Directory domain controller with this option, and using
security = [ads|domain|server] it is possible to get Samba to
do all its username/password validation using a
specific remote server.


VampirD
No in elenath hîlar nan hâd gîn

Any other tips? This didn’t work. Either that or I need more information.

Thanks!

On Mon February 15 2010 11:56 am, ThePistonDoctor wrote:

>
> Don’t worry, I know - that title probably makes this question seem way
> more complicated than it actually is. Here’s the situation:
>
> I have a server running SLES10 with a samba share set up on it. I
> created a username in Samba and Linux for myself, can access the share,
> permissions are fine, yadda yadda. Now I want to give about 100 more
> people access to it.
>
> I have active directory running which users log into and I’d like them
> to be able to use their active directory passwords to authenticate to
> the share, rather than have me create 100 individual Samba/Linux
> accounts.
>
> In the future the AD server will be changing over to server 2008 but
> I’ll cross that bridge when I get there.
>
> It would be equally effective if I could pull AD passwords from AD and
> “auto-create” the associated Linux/Samba users.
>
> Any ideas or could someone point in the right direction?
>
> Thanks!
>
ThePistonDoctor;

This is the OpenSuse forum for the free version of SuSE. Although someone
here might know the answer to your question, I think you would be more likely
to get a solution if you posted on the Novell SLES forum located here:

http://forums.novell.com/novell-product-support-forums/suse-linux-enterprise-server-sles/

I know it is possible to do what you want but most of my knowledge is purely
academic.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

I have one SAMBA server configured to use the AD server as password
server. I use the default smb.conf and add the line that the man pages
say. Verify that you don’t have a firewall problem: on openSuSE, allow
the SAMBA server and client on the firewall, and allow connections from
the SAMBA PC on the win2k3.


VampirD
No in elenath hîlar nan hâd gîn

We have almost the same scenario as yours (SLES10/Samba/w2k3/ad/xp) that works seamlessly (almost… wintime craps very often).

You may start at “Active Directory Domain with Samba Domain Member Server” in “Samba-3 by Example”:

Chapter 7. Adding Domain Member Servers and Clients

With Samba-2 (shipped with SLES10), we are able to get share access controlled by individual ad accounts as well as ad group membership. Remember to set ACL on the directory’s share exactly as it is set in smb.conf (this is my 2 cents…)

With Samba-3, the version shipped with latest SUSEs, share access controlled by ad group membership IS BROKEN… only individual ad accounts pass through.

Be happy and good luck!
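
The two approaches raised in this thread (the `password server` option with `security = ads`, and the domain member server setup from "Samba-3 by Example"), shown side by side as an added smb.conf example that does not come from any poster. The domain, realm, DC host name, share name, path and ID ranges are placeholder assumptions, and the `idmap uid`/`idmap gid` syntax is that of the Samba 3.0 series.

```ini
# Constructed example: EXAMPLE, EXAMPLE.LOCAL, dc1.example.local, the share
# name and the path are placeholders, not values from this thread.

# --- Weaker variant: pass-through validation only (kept commented out) ---
# [global]
#    security = server
#    password server = dc1.example.local
# Samba hands each logon to the other server but is not a domain member.
# Every user still needs a matching local Unix account, and the smb.conf
# man page notes this mode is more exposed to man-in-the-middle attacks
# and server impersonation.

# --- Domain member variant: Kerberos-authenticated AD member + winbind ---
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.LOCAL
   security = ads
   password server = dc1.example.local
   # winbind maps AD users and groups to Unix IDs on demand, so the
   # ~100 accounts do not have to be created by hand.
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   # Share-only users get no login shell on the Samba host.
   template shell = /bin/false
   # Never fall back to the guest account for unknown users.
   map to guest = Never

[projects]
   path = /srv/samba/projects
   read only = no
   # Limit the share to one AD group; the filesystem ACL on the path
   # has to grant the same group access.
   valid users = @"EXAMPLE\Domain Users"

# After editing:
#   testparm                         # check the file for syntax errors
#   net ads join -U Administrator    # join the host to the domain
#   add "winbind" to the passwd: and group: lines in /etc/nsswitch.conf
#   wbinfo -u ; getent passwd        # confirm AD accounts resolve
```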