我正在尝试使用samba来使用Windows AD。我不能通过桑巴使用我的股份。
我的smb.conf
#GLOBAL PARAMETERS
[global]
workgroup = MY_DOMAIN
realm = MY_DOMAIN.COM
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
password server = MY_MASTER_DOMAIN_CONTROLLER
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 1100-20000
idmap gid = 1100-20000
;template primary group = "Domain Users"
template shell = /bin/bash
[homes]
comment = Home Direcotries
valid users = %S
read only = No
browseable = No
[tmp]
comment = Directory for storing pictures by jims users
path= /var/tmp
Valid Users = @"MY_DOMAIN+group name" MY_DOMAIN+MY_ACCOUNT
; public=no
writable=yes
browseable=yes
read only = no
guest ok = no
create mask = 0777
directory mask = 0777
wbinfo -u和wbinfo -g按预期工作。 kinit MY_ACCOUNT@MY_DOMAIN.COM也可以。
但我无法连接到samba。我正在使用debian 5,samba 3.2.5和kerberos 5.我的/ var / www是777.有什么想法吗?
答案 0 :(得分:0)
您缺少连接到AD的后端。
idmap config MY_DOMAIN:default = true
idmap config MY_DOMAIN:schema-mode = rfc2307
idmap config MY_DOMAIN:range = 10000-49999
idmap config MY_DOMAIN:backend = ad
idmap config * : backend = tdb
idmap config * : range = 50000-99999
winbind nss info = rfc2307