Question : Need RHEL Samba 3.0 authenticate against AD/LDAP environment for mapping share

Currently I have a RHEL 5.5 server that is joined to a Windows 2003 environment using AD/LDAP. Via ssh, users' AD/LDAP accounts can easily log in to the RHEL server and see their home directories. Sudo via LDAP works fine as well.

Since the RHEL server is going to be running Samba as well, the problem I am having is that none of the AD/LDAP users can map to the Samba share on the server using their AD/LDAP account from their Windows servers (running Windows 2003). What do I need to do on the RHEL server to allow Samba to let the users log in with their AD/LDAP credentials and allow the users access to a specific directory?

Also, how do I let the Samba server instance show up under the Windows Server's 'Microsoft Windows Network' view as well?

See the smb.conf file (as a code snippet below) for our current configuration setup.

Linux Platform: RHEL 5.5
Samba Version: 3.0.33-3.29.el5_5
[global]

# ----------------------- Network Related Options -------------------------

        workgroup = CHAPTER33INT
        server string = Samba Server Version %v
        netbios name = VAC33LOGSH1
        smb ports = 139
        Time server = Yes

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
        log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
;       max log size = 50

# ----------------------- Domain Members Options ------------------------

        security = ads
        passdb backend = tdbsam
        realm = mydomain.site.com
        use kerberos keytab = true

# ----------------------- Winbind Variables --------------------------------

        winbind enum users = Yes
        winbind enum groups = yes
        winbind use default domain = Yes
        winbind nested groups = Yes
        idmap uid = 12000-20000
        idmap gid = 12000-20000

# ----------------------- Browser Control Options ----------------------------

        domain master = Yes
        preferred master = Yes
        domain logons = Yes
        os level = 65

# --------------------------- Printing Options -----------------------------

        load printers = no
        printing = bsd
        printcap name = /dev/null
        show add printer wizard = no
        disable spoolss = yes

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes


#============================ Share Definitions ==============================

[winaudit]
comment = Remote WinAudit Repository
path = /var/log/syslog/win-audit
null passwords = yes
;force user = ch33audit
;force group = ch33audit
;valid users = %S
valid users = CHAPTER33INT\%S
read only = no
browseable = yes
public = yes
guest ok = yes

Answer : Need RHEL Samba 3.0 authenticate against AD/LDAP environment for mapping share

It seems as though the computer account might not have been created or is currently disabled.

You should use fully qualified hostnames for the password servers rather than just the hostname.

Did you use system-config-authentication, or are you trying to manually update the various config files?

The below is fairly straightforward.
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
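
Added example, not part of the original answer: a small Python lint for an smb.conf on an AD member server. It checks the answer's point about fully qualified password servers and goes beyond it to three settings visible in the posted config (DC-side roles with `security = ads`, `%S` in `valid users`, guest access next to `valid users`). The `password server` line in the sample is constructed, and the function names are hypothetical.

```python
# Constructed sample based on the question's smb.conf (added example, not the poster's file).
SAMPLE = """\
[global]
security = ads
# constructed line: the posted config has no 'password server' entry
password server = dc1 dc2.mydomain.site.com
domain master = Yes
domain logons = Yes
[winaudit]
valid users = CHAPTER33INT\\%S
guest ok = yes
"""

def parse(text):
    """Return {section: {param: value}}; names are lower-cased because Samba ignores case."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def lint(text):
    conf, findings = parse(text), []
    g = conf.get("global", {})
    if g.get("security", "").lower() == "ads":
        for param in ("domain logons", "domain master"):
            if is_yes(g.get(param, "no")):
                findings.append(f"global: '{param} = yes' belongs on a domain controller")
        for host in g.get("password server", "").replace(",", " ").split():
            if host != "*" and "." not in host:
                findings.append(f"global: password server '{host}' is not fully qualified")
    for name, share in conf.items():
        if name in ("global", "homes"):  # in [homes], %S is the user's own name
            continue
        users = share.get("valid users", "")
        if "%S" in users:
            findings.append(f"{name}: valid users expands to '{users.replace('%S', name)}'")
        if users and any(is_yes(share.get(p, "no")) for p in ("guest ok", "public")):
            findings.append(f"{name}: guest access enabled together with valid users")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample, the `%S` finding shows that `valid users` in the `[winaudit]` share resolves to a single account named after the share, not to the connecting user.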

