Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login - Samba

This is a discussion on Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login - Samba ; Mike Galvez wrote: > Hi, > > I am trying to connect a FreeBSD server running 7.0 Release and Samba 3.0.28a to a > Windows 2003 AD Domain Controller. Has anyone had success with this combo? I have joined > ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

  1. Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

    Mike Galvez wrote:
    > Hi,
    >
    > I am trying to connect a FreeBSD server running 7.0 Release and Samba 3.0.28a to a
    > Windows 2003 AD Domain Controller. Has anyone had success with this combo? I have joined
    > the domain and I can enumerate users, groups, etc..
    >


    Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
    Vista SP1 brought in a bunch of changes that broke Samba (and probably a
    bunch of other things too... ;-)

    Secondly, I see you have a "valid users" variable under "[homes]", do
    you explicitly need it? Try removing it and see if the problem disappears.



    --
    Cheers

    Jason Haar
    Information Security Manager, Trimble Navigation Ltd.
    Phone: +64 3 9635 377 Fax: +64 3 9635 417
    PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

    In addition to what Jason writes:
    It is good practice to start with a share like "shared" in "/export/shared" and not with the /homes folder, as the home-shares pose additional problems (like access rights). If the user accounts are already created as Unix local acounts, the domain users might not be able to access them.
    Make the /export/shared folder 777 and if this works continue towards the home shares.
    Important: Jason already indicated, that the valid users should be empty, when this works, make valid users something like "MYDOMAIN\%S" and see if you can make progress.

    Have fun with Samba,

    Jens

    -------- Original-Nachricht --------
    > Datum: Tue, 01 Jul 2008 12:04:41 +1200
    > Von: Jason Haar
    > An: Samba Questions
    > Betreff: Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login


    > Mike Galvez wrote:
    > > Hi,
    > >
    > > I am trying to connect a FreeBSD server running 7.0 Release and Samba

    > 3.0.28a to a
    > > Windows 2003 AD Domain Controller. Has anyone had success with this

    > combo? I have joined
    > > the domain and I can enumerate users, groups, etc..
    > >

    >
    > Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
    > Vista SP1 brought in a bunch of changes that broke Samba (and probably a
    > bunch of other things too... ;-)
    >
    > Secondly, I see you have a "valid users" variable under "[homes]", do
    > you explicitly need it? Try removing it and see if the problem disappears.
    >
    >
    >
    > --
    > Cheers
    >
    > Jason Haar
    > Information Security Manager, Trimble Navigation Ltd.
    > Phone: +64 3 9635 377 Fax: +64 3 9635 417
    > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
    >
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba


    --
    Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
    Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

    Jens,

    Many thanks to you and Jason Haar. The home folder + my own built-in account was
    causing confusion. I created a new share as you suggested and set the acls on it
    with setfacl -m g:"MYDOMAIN\group":rwx share, and changed valid users to
    valid users = +"MYDOMAIN\domain users".

    After restarting the samba daemons, I can now log into the shares with
    authentication handled by the Win2k3 PDC.

    The client machine I'm using for testing is a MacBook running a VMware instance
    of XP SP2.

    Thanks again,

    -Mike

    On Tue, Jul 01, 2008 at 09:42:05AM +0200, Jens Nissen wrote:
    > In addition to what Jason writes:
    > It is good practice to start with a share like "shared" in "/export/shared" and not with the /homes folder, as the home-shares pose additional problems (like access rights). If the user accounts are already created as Unix local acounts, the domain users might not be able to access them.
    > Make the /export/shared folder 777 and if this works continue towards the home shares.
    > Important: Jason already indicated, that the valid users should be empty, when this works, make valid users something like "MYDOMAIN\%S" and see if you can make progress.
    >
    > Have fun with Samba,
    >
    > Jens
    >
    > -------- Original-Nachricht --------
    > > Datum: Tue, 01 Jul 2008 12:04:41 +1200
    > > Von: Jason Haar
    > > An: Samba Questions
    > > Betreff: Re: [Samba] FreeBSD, Samba 3.0.28a joined to AD domain but prompts for login

    >
    > > Mike Galvez wrote:
    > > > Hi,
    > > >
    > > > I am trying to connect a FreeBSD server running 7.0 Release and Samba

    > > 3.0.28a to a
    > > > Windows 2003 AD Domain Controller. Has anyone had success with this

    > > combo? I have joined
    > > > the domain and I can enumerate users, groups, etc..
    > > >

    > >
    > > Are you referring to Vista as the client? If so, upgrade to 3.0.30 as
    > > Vista SP1 brought in a bunch of changes that broke Samba (and probably a
    > > bunch of other things too... ;-)
    > >
    > > Secondly, I see you have a "valid users" variable under "[homes]", do
    > > you explicitly need it? Try removing it and see if the problem disappears.
    > >
    > >
    > >
    > > --
    > > Cheers
    > >
    > > Jason Haar
    > > Information Security Manager, Trimble Navigation Ltd.
    > > Phone: +64 3 9635 377 Fax: +64 3 9635 417
    > > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
    > >
    > > --
    > > To unsubscribe from this list go to the following URL and read the
    > > instructions: https://lists.samba.org/mailman/listinfo/samba

    >
    > --
    > Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
    > Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba


    --
    Mike Galvez

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread