[Samba] my samba configuration walktrought for Active directory

Guillaume C. guillaumechardin at yahoo.fr
Mon Apr 25 14:08:43 GMT 2005


after many mind storming, I finally release this
walktrought for configure samba in an active directory
(W2k3) environement. I hope that it will be usefull
for someone. This procedure can be followed in any
debian woody system, I think that it can be used in
user systems, but I don"t test it. The attached
configuration files are site specific for me but if
you read the samba doc, you can easily identify what
line you must modify for adpat the conf. to your own
site.
I hope that this mail will help some of you :)

1.2..3...
BEGIN

Install NTPDate (from dselect)

Install libtool (from dselect)

install LDAP-dev (from dselect

Install Ncurse 5-4
./configure --with-libtool --with-shared
--enable-termcap --enable-getcap --with-develop
make
make install


Install PAM-0.79
./configure
make
make install

{the linux box ask me some question when i install
PAM}
>>Do you wish to copy the ./access.conf file in this
distribution
>>to /etc/security/access.conf ? (y/n) i said N!


>>An older pam_env configuration file already exists
(/etc/security/pam_env.conf)
>>Do you wish to copy the ./pam_env.conf-example file
in this distribution
>>to /etc/security/pam_env.conf ? (y/n) i said N

>>An older pam_limits configuration file already
exists (/etc/security/limits.conf)
>>Do you wish to copy the ./limits.skel file in this
distribution
>>to /etc/security/limits.conf ? (y/n) i said N



Install Krb5 1.3.6
./configure --enable-dns-for-realm --enable-dns 
make
make install


SAMBA 3.0.13
./configure --prefix=/usr --with-ads --with-krb5=/usr
--with-pam --with-ldap --with-quotas
--with-acl-support --with-winbind
--with-shared-modules=idmap_rid
make
make install


replace value in  /etc/krb5.conf with your own

copy &/or modify nsswitch.conf

copy /samba_sourcedir/nsswitch/libnss_winbind.so in
/lib/ and create a symlink (ln -s) to
/lib/libnss_winbind.so.2
copy /samba_sourcedir/nsswitch/pam_winbind.so in 
/lib/ and create a symlink (ln -s) to
/lib/pam_winbind.so.2

ntpdate serverIP


kinit -V administrator (if the krb5.conf is correctly
created, it will ask your directly for your realm.

net ads join "org_unit" -v (org_unit value is
facultative)

check in active directory if you have a computer named
like your linux samba server

then if you want you can add a host in your DNS
configuration... (i do this for a better performance.)


################OPTIONAL SWAT
CONFIGURATION###############
For a best samba configuration, create a good
configuration in /etc/inetd.conf

just add this line.

swat            stream   tcp    nowait  root   
/usr/sbin/swat  /usr/sbin/swat
(for connect to swat use your linux root password)

and check in /etc/services if the line under appear:
swat 901/tcp (901 is the defaut port)


this is just a draft, but i think that i will create a
full doc in some days. If you have any comment mail me
:)
best Regards
Gui


	

	
		
__________________________________________________________________
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/


More information about the samba mailing list