Winbind and Active Directory
Aaron Grewell
AGrewell
Mon Nov 7 11:46:50 PST 2005
> Any ideas of what might have changed between NT Domain and AD Domain
> Emulation? Any security settings which might be enabled in AD that might
> stop this type of activity?
> Anyone with AD integration experience? Should I be joining the AD using "net
> join" instead of "net rpc join"? Does that still allow me to use winbind for
> PAM integration?
Well, for one thing you're still using old-style RPC stuff which is less
secure. If you change to ADS mode and join that way (net ads join IIRC)
you'll get the benefit of Kerberos which is much more secure than NTLM.
That's not directly related to the problem you're having, though. I
used the 'winbind use default domain' directive to eliminate having to
worry so much about the domain. I'm on SuSE 10 which may or may not
matter. PAM configuration is somewhat different than for RH and
friends.
Here's what I'm using for smb.conf if it helps:
[global]
unix charset = LOCALE
workgroup = UWB
realm = UWB.EDU
server string = Samba 3.0.20
security = ADS
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
printcap name = CUPS
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = "Domain Users"
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
printing = cups
client use spnego = Yes
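
An added example, not part of the original post: a shell preflight that reads the [global] section of an smb.conf and reports whether it is set for ADS mode (security = ADS plus a realm) before a join is attempted. The function names and the sample files are assumptions constructed for illustration; UWB and UWB.EDU reuse the values from the config above.

```shell
#!/bin/sh
# Added example; sample files below are constructed for illustration.

# Print PARAM's value from the [global] section of FILE. Samba ignores case
# and whitespace in section and parameter names, so names are normalised.
smbconf_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            in_global = (norm(sec) == "global"); next
        }
        in_global && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(name) == want) found = val   # a repeat overwrites the earlier value
        }
        END { print found }
    ' "$1"
}

# Return 0 if FILE has the settings an ADS-mode join relies on; otherwise
# print what is missing and return 1.
ads_preflight() {
    rc=0
    mode=$(smbconf_get "$1" security | tr 'A-Z' 'a-z')
    realm=$(smbconf_get "$1" realm)
    [ "$mode" = "ads" ] || { echo "security = ${mode:-unset} (expected ADS)"; rc=1; }
    [ -n "$realm" ] || { echo "realm is not set"; rc=1; }
    return $rc
}

SAMPLES=$(mktemp -d)
cat > "$SAMPLES/ads.conf" <<'EOF'
[global]
  workgroup = UWB
  realm = UWB.EDU
  security = ADS
  Winbind Use Default Domain = Yes
EOF
cat > "$SAMPLES/rpc.conf" <<'EOF'
[global]
  workgroup = EXAMPLE
  security = domain
[homes]
  realm = IGNORED.EXAMPLE
EOF
ads_preflight "$SAMPLES/ads.conf" && echo "ads.conf: ready for net ads join"
ads_preflight "$SAMPLES/rpc.conf" || echo "rpc.conf: still an RPC-style domain member"
```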