Friday 20 February 2009

Authenticate SAMBA share against Active Directory

I have done this twice ever, and both times were tedious. I have a Linux file server and two Windows servers, one of which is the PDC. What I want to do is have the Samba shares check the PDC for authentication, removing the need for separate Samba passwords. There isn't a huge amount to this; it is just a matter of finding everything. You have to put a reference to a usermap in smb.conf, and in the usermap have your *nix users mapped to your domain users in the following form:

LinuxUser=DOMAIN\windowsUser

e.g.

paulm=DOMAIN\paul.mulcahy

There are lines that have to be added to smb.conf so that it will use the Active Directory users. In my case, these are in the global section of smb.conf:

[global]
workgroup = WORKGROUP
realm = DOMAIN
preferred master = no
server string = Fileserver
security = domain
encrypt passwords = yes
log level = 1
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
idmap uid = 600-20000
idmap gid = 600-20000
template homedir = /home/users/%U
template shell = /bin/bash
password server = server
username map = /etc/samba/smbusers

This is all quite straightforward; what had me was getting it into the domain. After much searching I found this command:

net rpc join -S SERVER -U user

This must be run as root. After that, I was able to log in to my Samba shares using my Windows login.

All red italics are variables which should be changed to suit your environment.
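A check worth running over the username map before relying on it, added here as an example and not code from the original post: it parses the LinuxUser=DOMAIN\windowsUser file and flags mappings onto root, catch-all `*` lines, names without a domain prefix (under `security = domain`, smb.conf(5) requires fully qualified entries), and domain users listed on more than one line. The sample map, the `PRIVILEGED` set and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the post's LinuxUser=DOMAIN\windowsUser form (not from the post).
SAMPLE_MAP = r"""
paulm = DOMAIN\paul.mulcahy
root = DOMAIN\helpdesk "DOMAIN\temp admin"
backup = DOMAIN\paul.mulcahy
webdev = jane.doe
guest = *
"""

PRIVILEGED = {"root"}  # assumption: extend with other admin accounts on the host
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted names may contain spaces

def parse_map(text):
    """Return [(lineno, unix_user, [client names])] for each mapping line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        unix_user, rhs = line.lstrip("!").split("=", 1)
        names = [quoted or bare for quoted, bare in TOKEN.findall(rhs)]
        entries.append((lineno, unix_user.strip(), names))
    return entries

def audit(text):
    """Return a sorted list of (lineno, finding) for risky or ineffective entries."""
    findings, seen = [], defaultdict(list)
    for lineno, unix_user, names in parse_map(text):
        for name in names:
            if name == "*":
                findings.append((lineno, f"wildcard maps every client name to {unix_user}"))
                continue
            if unix_user.lower() in PRIVILEGED:
                findings.append((lineno, f"{name} is mapped to privileged account {unix_user}"))
            if "\\" not in name and not name.startswith("@"):
                findings.append((lineno, f"{name} has no DOMAIN\\ prefix"))
            seen[name.lower()].append(lineno)  # compared case-insensitively
    for name, lines in seen.items():
        if len(lines) > 1:  # which line wins depends on order and a leading '!'
            findings.append((lines[-1], f"{name} appears on lines {lines}"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_MAP):
        print(f"line {lineno}: {finding}")
```

To audit the real file, pass the contents of /etc/samba/smbusers to `audit()` instead of `SAMPLE_MAP`.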