[Samba] Re: Problems with Samba and Windows 2003 Active DomainServer

Mark A. Holm markh at infoarch.com
Fri Jun 10 07:14:29 GMT 2005


The one overwhelming theme that I keep running across with my Linux installations is that you cannot deploy the packages that come
with the distributions. Which always makes me wonder why the packages exist in the first place, if you can't make them work in a
real environment.

The steps that I am doing follow both what you did and each of the different tutorials I found, with the exception of compiling the
Samba packages from source. Has anybody been able to make this work using the distributed packages from the Fedora distribution or
SuSE? This installation was my first test to see how easy/hard this was going to be. I have another client that is looking at
deploying approximately 200 workstations. If I have to hand compile each new machine, these will take a lot longer to deploy, even
with scripting and a centralized distribution server.

	markh

-----Original Message-----
From: samba-bounces+markh=infoarch.com at lists.samba.org [mailto:samba-bounces+markh=infoarch.com at lists.samba.org] On Behalf Of M Maki
Sent: Thursday, June 09, 2005 10:09 AM
To: samba at lists.samba.org
Subject: [Samba] Re: Problems with Samba and Windows 2003 Active DomainServer

> Any and all help greatly appreciated. It shouldn't be this hard to make
> Windows and Linux work together. sigh!
> 
> 	markh

Mark,

This is how I do it for a WIN2K3 Active Directory domain. I only have 
rights to add computers to our domain and this has worked great for me. 
Took me a few days to get it right. It's not Fedora, maybe it will 
convert you to Debian! I have this documented internally. I should post 
it somewhere public.

Samba Install on Debian Sarge (now Stable!) from Net Install 
http://www.debian.org/CD/netinst/

Install Debian. Don't add any packages during install:

Run command:
apt-get install sudo libkrb5-dev krb5-user libldap2-dev acl libacl1-dev quota quotatool rdate

I use sudo that's why it is included. I guess you can do it all as root.

You don't need the quota packages if you're not using quotas.
I use rdate to keep my clocks in sync.

Run the commands:

wget http://us2.samba.org/samba/ftp/samba-latest.tar.gz

tar xvzf samba-latest.tar.gz

cd samba-3.0.14a/source

./configure --with-winbind --with-ads --with-quotas --with-acl-support \
    --with-mandir=/usr/share/man

make && sudo make install

cp nsswitch/libnss_winbind.so /lib

ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

touch /etc/ld.so.conf

/sbin/ldconfig -v | grep winbind

My /usr/local/samba/lib/smb.conf

[global]

         workgroup = PWR
         realm = PWR.INT.XYZ.COM
         security = ADS
         password server = pwroakdc1.pwr.int.xyz.com
         log file = /usr/local/samba/var/%m.log
         preferred master = No
         local master = No
         domain master = No
         wins server = 192.168.1.22
         idmap uid = 10000-40000
         idmap gid = 10000-40000
         # winbind use default domain = Yes
         winbind enum users = No
         winbind enum groups = No
         winbind nested groups = Yes
         socket options = TCP_NODELAY SO_RCVBUF=8192

[users]
         path = /home/users
         read only = No
         admin users = "PWR\mmaki"

I don't use winbind enum users because we have over 20K users in our domain.

ONLY changes to my /etc/nsswitch.conf

  passwd:         files compat winbind
  group:          files compat winbind
  shadow:               compat

My COMPLETE /etc/krb5.conf

[libdefaults]
         default_realm = PWR.INT.XYZ.COM

[realms]
         PWR.INT.XYZ.COM = {
         kdc = pwroakdc1.pwr.int.xyz.com
         kdc = inppwrodc.pwr.int.xyz.com
         }

[domain_realm]
         .pwr.int.xyz.com = PWR.INT.XYZ.COM


My /etc/fstab for using quotas:

/dev/sda1 /home/users ext3 defaults,acl,usrquota,grpquota  0   2

My hosts (/etc/hosts)

add

192.168.1.12  sambaserver.pwr.int.xyz.com  sambaserver

and remove sambaserver from localhost

My /etc/init.d/samba

#!/bin/sh
# Not the best but it works
#
# Start the Samba daemons (nmbd and smbd).
#
/usr/local/samba/sbin/nmbd -D
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/winbindd -B

Run the commands:
ln -s /etc/init.d/samba /etc/rc2.d/S80samba
chmod go+x /etc/init.d/samba

Run command:
/usr/local/samba/bin/net ads join -U adminuser@PWR.INT.XYZ.COM

If successfully joined you should be on your way!

Good Luck,

Mike
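
A pre-join consistency check for the three files edited in the steps above, added here as an example and not part of the original post: it flags a realm that differs between smb.conf and krb5.conf (Kerberos realm names are case-sensitive), a [global] parameter assigned more than once (only the last assignment takes effect), and nsswitch.conf databases that lack winbind. The function names and the EXAMPLE.TEST sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-join lint for smb.conf, krb5.conf and nsswitch.conf.

# Emit "key<TAB>value" for each [global] parameter. Samba ignores case and
# whitespace in parameter names, so keys are normalised ("socketoptions").
smb_global_pairs() {
    awk '/^[ \t]*([#;]|$)/ { next }
         /^[ \t]*\[/ { sec = tolower($0); sub(/^[ \t]*\[[ \t]*/, "", sec)
                       sub(/[ \t]*\].*$/, "", sec); next }
         sec == "global" && (p = index($0, "=")) {
             k = tolower(substr($0, 1, p - 1)); v = substr($0, p + 1)
             gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
             print k "\t" v }' "$1"
}
# Effective value of one parameter: the last assignment wins.
smb_global() { smb_global_pairs "$1" | awk -F'\t' -v k="$2" '$1 == k { v = $2 } END { print v }'; }
# Parameters assigned more than once in [global].
smb_dupes() { smb_global_pairs "$1" | cut -f1 | sort | uniq -d; }
krb_default_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ { r = $2; gsub(/[ \t]/, "", r) } END { print r }' "$1"
}
# True if realm $2 has a "REALM = {" stanza (exact, case-sensitive match).
krb_has_realm() {
    awk -v r="$2" '{ k = $0; sub(/[ \t]*=.*/, "", k); gsub(/[ \t]/, "", k) }
                   k == r && index($0, "{") { f = 1 } END { exit !f }' "$1"
}
nss_has_winbind() {   # $1=nsswitch.conf $2=database name
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") f = 1 }
                     END { exit !f }' "$1"
}
# Print findings; exit status is the number of findings (0 = clean).
lint_join_config() {   # $1=smb.conf $2=krb5.conf $3=nsswitch.conf
    n=0; realm=$(smb_global "$1" realm); krb=$(krb_default_realm "$2")
    [ "$realm" = "$krb" ] || { echo "realm mismatch: smb.conf '$realm' vs krb5.conf '$krb'"; n=$((n+1)); }
    krb_has_realm "$2" "$krb" || { echo "krb5.conf: no [realms] stanza for '$krb'"; n=$((n+1)); }
    for k in $(smb_dupes "$1"); do echo "smb.conf: [global] sets '$k' twice"; n=$((n+1)); done
    for db in passwd group; do
        nss_has_winbind "$3" "$db" || { echo "nsswitch.conf: '$db' lacks winbind"; n=$((n+1)); }
    done
    return "$n"
}
# Constructed sample files (not the poster's): realm case differs, one
# parameter is set twice, and "group" is missing winbind.
d=$(mktemp -d)
printf '%s\n' '[global]' ' realm = EXAMPLE.TEST' ' socket options = TCP_NODELAY' \
    ' socket options = SO_RCVBUF=8192' '[users]' ' path = /srv/users' > "$d/smb.conf"
printf '%s\n' '[libdefaults]' ' default_realm = EXAMPLE.test' '[realms]' \
    ' EXAMPLE.test = {' '  kdc = dc1.example.test' ' }' > "$d/krb5.conf"
printf '%s\n' 'passwd: files compat winbind' 'group: files compat' > "$d/nsswitch.conf"
lint_join_config "$d/smb.conf" "$d/krb5.conf" "$d/nsswitch.conf" || echo "findings: $?"
```

Run it against copies of the real files before `net ads join`; a clean run prints nothing and exits 0.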

