I'm using Beyond Trust to integrate with active directory on a CentOS 5.6 server. I'm using the interop-install that comes with Beyond Trust to configure SAMBA, which works fine. However, I have some local accounts that I want to still work & for policy reasons, I can't create them in AD. Is there a way to configure SAMBA to use both authentication methods, or use ADS as primary & fall back on SMBPASSWD?
Asked
Active
Viewed 1.1k times
2 Answers
2
In your smb.conf you can specify the 'auth methods' parameter, listing which authentication methods you want to use, such as:
auth methods = guest sam winbind
The parameters are read left to right; with the example above, Samba will try to match the username with the local smbpasswd first before going trying to match AD.
Note that you may want to replace sam with sam_ignoredomain depending on your version of Samba and the format of your username. Play around with what works for you.
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#AUTHMETHODS
jjv
- 256
- 1
- 3
-
I used `auth methods = sam winbind` which works. I'm posting my working smb.conf in an answer below just for posterity. – churnd Mar 01 '12 at 22:09
0
Got it working with:
[global]
workgroup = DOMAIN
security = ADS
auth methods = sam winbind
realm = DOMAIN.EXAMPLE.COM
machine password timeout = 0
server string = SERVER
idmap domains = ALL
idmap config ALL:backend = lwicompat_v4
idmap config ALL:default = yes
idmap config ALL:readonly = yes
idmap uid = 10000-33554431
idmap gid = 10000-33554431
Everything else is vanilla SAMBA config.
churnd
- 4,077
- 5
- 34
- 42