<div>I can't get Samba running with authentication against Active Directory. Basically, I have a feeling that group inheritance in Active Directory isn't working. If I set valid user = domain\username on the share, everything works, but if I put a domain group there, nothing works... the logs show wrong password or no such user!
</div>
<div>At the same time, all the commands return correct values!</div>
<div>kinit works</div>
<div>getent group returns all the domain groups</div>
<div>getent passwd returns all the domain users</div>
<div>id returns the gid for domain users</div>
<div>pam works, and a domain user can log in to FreeBSD through the console, only the home folders don't work...</div>
<div>getent groupmap list - shows that there is no group mapping at all</div>
<div> </div>
<div>FreeBSD 6.2, samba 3.0.24</div>
<div> </div>
<div>But access to the share is denied if the access rights are assigned to groups!!!</div>
<div> </div>
<div>Configuration files:</div>
<div> </div>
<div>#smb.conf</div>
<div> </div>
<div>[global]<br> workgroup = CA<br> server string = Serveris<br> realm = CA.VP<br> security = ADS<br> log file = /var/log/samba/log.%U<br> max log size = 150<br> socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=8192 SO_SNDBUF=8192
<br> os level = 0<br> dns proxy = no <br> case sensitive = no<br> nt acl support = Yes<br> inherit acls = yes<br> map acl inherit = yes<br> winbind uid = 100-10000000<br> winbind gid = 100-10000000<br>
winbind enum groups = Yes<br> winbind enum users = Yes<br> winbind use default domain = Yes<br> template shell = /bin/bash<br> time server = Yes<br> template homedir = /home/D%/U%<br> template shell = /bin/sh
<br> hide files = /*.ini/*RECYCLER*/*.db/*.tmp/*.rdp/<br><br>[Dati]<br> comment = Dati<br> path = /dati/share<br> valid users = "CA\domain users"<br> writable = yes<br> </div>
<div> </div>
<div>#nsswitch.conf</div>
<div><pre>group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
shadow: files winbind
passwd_compat: nis
shells: files</pre><pre>#krb5.conf - (Heimdal)</pre><pre><pre>[libdefaults]
default_realm = CA.VP
        clockskew = 300
        dns_lookup_realm = true
        dns_lookup_kdc = true
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        
[realms]
        CA.VP = {
                kdc = MAJOR.CA.VP
                kdc = CAPTAIN.CA.VP
                admin_server = MAJOR.CA.VP
        }
        OTHER.REALM = {
                v4_instance_convert = {
                        kerberos = kerberos
                        computer = computer.some.other.domain
                }
        }
[domain_realm]
        .ca.vp = CA.VP
</pre><pre><pre># PAM configuration for the "login" service
auth                sufficient        /usr/local/lib/pam_winbind.so                
auth                required        pam_unix.so                no_warn try_first_pass
account                sufficient        /usr/local/lib/pam_winbind.so
account                required        pam_unix.so</pre><pre>session                include                system
session                required        /usr/local/lib/pam_mkhomedir.so umask=0700
session                required        pam_permit.so
session                sufficient        /usr/local/lib/pam_winbind.so</pre><pre>password        include                system
password        sufficient        /usr/local/lib/pam_winbind.so</pre><pre> </pre><pre> </pre></pre></pre></div>