Linux-Noob Forums

Full Version: samba server login using windows domain user



I am using CentOS 5. I tried to configure Samba server login using a Windows domain user. Maybe I was wrong in some file.

my windows domain server= (

samba server=telnet (

my krb5.conf


default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

default_realm = CENTRAL.EDU
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

kdc =
default_domain =

[domain_realm] = CENTRAL.EDU = CENTRAL.EDU

profile = /var/kerberos/krb5kdc/kdc.conf




#======================= Global Settings =====================================

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = CENTRAL

# server string is the equivalent of the NT Description field
server string = Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = ADS

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes

# you may wish to override the location of the printcap file
; printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
; printing = cups

# This option tells cups that the data has already been rasterized
cups options = raw

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
password server =

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
; passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces =

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = no

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = no

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
; encrypt passwords = yes



passwd: compat winbind
shadow: files
group: compat winbind




auth [user_unknown=ignore success=ok ignore=ignore default=bad]
auth include system-auth
account required
account include system-auth
password include system-auth
account required
# close should be the first session rule
session required skel=/etc/skel umask=002
session required close
session include system-auth
session required
session optional
# open should only be followed by sessions to be executed in the user context
session required open
session optional force revoke





# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required
auth sufficient nullok try_first_pass
auth requisite uid >= 500 quiet
auth required

account required
account sufficient uid < 500 quiet
account required

password requisite try_first_pass retry=3
password sufficient md5 shadow nullok try_first_pass use_authtok
password required

session optional revoke
session required
session [success=1 default=ignore] service in crond quiet use_uid
session required


wbinfo -u shows all the domain users as





getent passwd shows all the domain users.


Please help me solve the problem and find where I am wrong, so I can log in to the Samba server using a domain user.


Thanks in advance.
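
Added example, not part of the original post: the krb5.conf above limits ticket encryption to des3-hmac-sha1 and des-cbc-crc, so this Python check lists which enctypes in a krb5.conf `[libdefaults]` section are deprecated. The `[libdefaults]` header in the sample is assumed (the post shows no section headers), and the function name `audit_enctypes` is hypothetical.

```python
import re

# Enctype names as spelled in MIT krb5.conf, mapped to the reason they are flagged.
WEAK = {}
for name in ("des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"):
    WEAK[name] = "single DES (deprecated by RFC 6649)"
for name in ("des3", "des3-cbc-raw", "des3-cbc-sha1", "des3-hmac-sha1",
             "des3-cbc-sha1-kd"):
    WEAK[name] = "triple DES (deprecated by RFC 8429)"
for name in ("rc4", "arcfour-hmac", "rc4-hmac", "arcfour-hmac-md5",
             "arcfour-hmac-exp", "rc4-hmac-exp", "arcfour-hmac-md5-exp"):
    WEAK[name] = "RC4 (deprecated by RFC 8429)"

ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}

def audit_enctypes(text):
    """Return (line_no, key, enctype, reason) for each weak enctype in [libdefaults]."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)     # track the current section
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ENCTYPE_KEYS:
            continue
        # Lists may be space- or comma-separated; "-name" removals never match WEAK.
        for enc in re.split(r"[\s,]+", value.lower()):
            if enc in WEAK:
                findings.append((no, key, enc, WEAK[enc]))
    return findings

# Constructed sample: header assumed, the three settings copied from the post.
SAMPLE = """\
[libdefaults]
 default_realm = CENTRAL.EDU
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
"""

if __name__ == "__main__":
    for no, key, enc, reason in audit_enctypes(SAMPLE):
        print(f"line {no}: {key} lists {enc}: {reason}")
```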