Samba authentication against Active Directory via LDAP
As usual, Samba only accepts usernames that also exist in the Unix password database (/etc/passwd). It is also necessary to have a dedicated "bind user" account, as mentioned in my previous post. The following are the Samba options that need to be tweaked.
If you find some redundancy you can keep it if you tell me where you found it.
[global]
security = SERVER
obey pam restrictions = Yes
# not sure if really needed
password server = name_or_ip
passdb backend = ldapsam:ldap://name_or_ip
passwd program = /usr/bin/passwd %u
# set to zero if it works
log level = 3 passdb:10 auth:10 winbind:2
domain master = No
# the dedicated bind user; its password is stored with "smbpasswd -w"
ldap admin dn = user@domain.com
ldap group suffix = OU=company,DC=domain,DC=com
ldap suffix = DC=domain,DC=com
# no TLS: the LDAP bind and lookups cross the network unencrypted
ldap ssl = no
ldap user suffix = OU=company,DC=domain,DC=com
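An added example, not part of the original post: a small Python check that parses an smb.conf and flags three things in the options above: a trailing # comment (smb.conf only treats # and ; as comment markers at the start of a line, so the text becomes part of the value), ldapsam over ldap:// with ldap ssl = no, and debug logging left on. The function names and the embedded sample are constructed for illustration.

```python
# Added example (not from the original post): audit smb.conf [global] options.
import re

# Constructed sample, built from the options shown in this post.
SAMPLE = """\
[global]
security = SERVER
password server = name_or_ip # not sure if really needed
passdb backend = ldapsam:ldap://name_or_ip
log level = 3 passdb:10 auth:10 winbind:2 # set to zero if it works
ldap admin dn = user@domain.com
ldap ssl = no
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are lowercased and whitespace
    runs collapsed (a simplification of Samba's name matching)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # comments exist only at line start
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return a list of (parameter, finding) tuples for the [global] section."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    for key, value in g.items():
        if re.search(r"\s[#;]", value):
            findings.append((key, "trailing comment is parsed as part of the value"))
    backend = g.get("passdb backend", "")
    ssl = g.get("ldap ssl", "").lower()
    if backend.startswith("ldapsam:ldap://") and ssl in ("no", "off"):
        findings.append(("ldap ssl", "bind and lookups go over LDAP without TLS"))
    levels = re.findall(r"(?:^|\s|:)(\d+)", g.get("log level", "0").split("#")[0])
    if any(int(n) > 0 for n in levels):
        findings.append(("log level", "debug logging is still enabled"))
    return findings

if __name__ == "__main__":
    for param, finding in audit(SAMPLE):
        print(f"{param}: {finding}")
```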