|
samba : how to synchronize AD users & groups with Samba users &groups
Hello,
I am looking for the best way to make a Samba server to provide shared network files like actually the Windows Server branches do.
I have a RH5 server bind to an AD with ADS security level.
Samba3x is currently installed.
I have a test shared folder. How to proceed to have the best security and to use AD users and groups for granted access ?
I have read a lot of docs but so far I can't choose one because I don't know if the selected one will answer my issue.
I know that the main element to fix is the password for samba users. In facts, all is rely on synchronization.
Here is my smb.conf file :
#======================= Global Settings =====================================
[global]
workgroup = FORMATION
winbind separator = +
realm = FORMATION.*.FR
server string = Samba Server Version %v
security = ADS
#disable netbios = yes
#log level = 3 passdb:5 auth:10 winbind:10
log file = /var/log/samba/samba.%m
max log size = 25000
preferred master = no
local master = no
allow trusted domains = yes
idmap config *:backend = rid
idmap config *:base_rid = 0
idmap config *:range = 1000 - 100000000
idmap config *:backend = rid
idmap config *:base_rid = 0
idmap config *:range = 100000001 - 200000000
idmap config FORMATION:backend = rid
idmap config FORMATION:base_rid = 0
idmap config FORMATION:range = 200000001 - 300000000
idmap uid = 1000-300000000
idmap gid = 1000-300000000
template homedir = /home/%D/%U
template shell = /bin/bash
client NTLMv2 auth = Yes
ntlm auth = No
interfaces = eth0
bind interfaces only = True
invalid users = root @wheel
# Disable printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[test]
writeable = yes
invalid users = root,@wheel
path = /home/test
guest ok = yes
Last edited by zelycorn; 05-11-2011 at 04:13 AM.
|
I've just desactivated the No password for the user. Now, how to deploy this change to all the samba user (comes from AD) ?
