HOWTO: Kerberos domain Join
Andrew Bartlett
abartlet at samba.org
Wed Jun 22 02:30:26 GMT 2005
On Wed, 2005-06-22 at 12:23 +1000, Andrew Bartlett wrote:
> On Thu, 2005-05-19 at 11:52 +1000, Andrew Bartlett wrote:
> > This is an attempt to document the process required to perform a domain
> > join of WinXP to Samba4, using Kerberos. It assumes you already have
> > followed tridge's tute on installing Samba4 as a DC, and have the config
> > setup for that much.
> >
> > It would be nice if someone else was able to reproduce this, and work
> > with me on a more complete document.
>
> A few updates are in order, for progress over the past few months:
>
> > The steps are to:
> - obtain and install 'Lorikeet Heimdal', and link it into samba
> > - obtain and provision current Samba4
> > - install the zone file into the DNS server
> > - configure Samba4
> > - Join the WinXP client.
> >
>
> > Lorikeet Heimdal
> (move into your samba4 source directory)
>
> cd samba4/source
>
(a correction)
svn co svn://svnanon.samba.org/lorikeet/trunk/heimdal heimdal
> > configure Samba4:
> ./configure
> make clean HEIMDAL_EXTERNAL pch all
> >
> > Provision your database with setup/provision.pl, and copy the DNS zone
> > and ldb files as indicated.
> >
> > In your smb.conf, set:
> >
> > gensec:krb5=no
> > gensec:gssapi_krb5=yes
> >
> > Start the DNS server (ensure your WinXP client will use it)
>
> > Start Samba4
>
> > You should now be able to join in the usual way.
> >
> > These instructions are based on what I did, but I've not gone back and
> > re-tested it all. My hope is to walk through with someone on IRC and see
> > how much I missed out :-). Clearly this needs to be made easier for our
> > users...
>
> The big change recently is that we build heimdal into samba4, so samba4
> handles the startup of the kdc, and we use an in-memory keytab to avoid
> dealing with external files (which may get out of sync etc)
>
> Andrew Bartlett
>
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
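
A pre-flight check for the smb.conf step in the HOWTO above, added here as an example; it is not part of the original message and not Samba code. It confirms that the file carries `gensec:krb5=no` and `gensec:gssapi_krb5=yes` before the join is attempted. The function names `gensec_value` and `check_gensec` are hypothetical, and it assumes the options sit in `[global]` and that names and yes/no values are matched case-insensitively.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: options live in
# [global]; ';' or '#' start a comment; yes/true/1 and no/false/0 are booleans.

# gensec_value FILE NAME -> prints "yes", "no", "invalid" or "unset"
gensec_value() {
    awk -v want="$2" '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        BEGIN { val = "unset"; want = tolower(want) }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header: remember its name
            sec = $0; sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            sec = tolower(sec); next
        }
        sec == "global" && index($0, "=") {
            name = tolower(trim(substr($0, 1, index($0, "=") - 1)))
            if (name != want) next
            v = tolower(trim(substr($0, index($0, "=") + 1)))
            if (v == "yes" || v == "true" || v == "1") val = "yes"
            else if (v == "no" || v == "false" || v == "0") val = "no"
            else val = "invalid"                    # a later assignment overrides an earlier one
        }
        END { print val }
    ' "$1"
}

# check_gensec FILE -> returns 0 only if both settings match the HOWTO
check_gensec() {
    rc=0
    for pair in "gensec:krb5=no" "gensec:gssapi_krb5=yes"; do
        name=${pair%%=*}; expect=${pair#*=}
        got=$(gensec_value "$1" "$name")
        if [ "$got" = "$expect" ]; then
            echo "ok    $name = $got"
        else
            echo "FAIL  $name is $got, HOWTO says $expect"
            rc=1
        fi
    done
    return $rc
}

if [ -n "${1:-}" ]; then
    check_gensec "$1"
else    # no file given: run on a constructed sample
    sample=$(mktemp)
    printf '[global]\n  gensec:krb5 = no\n  gensec:gssapi_krb5 = yes\n' > "$sample"
    check_gensec "$sample"; rm -f "$sample"
fi
```

A setting that is commented out or placed in a share section is reported as `unset`, so a half-edited file is caught before the client join fails for a less obvious reason.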