Samba 4 - how to enable ADS while compiling
priya sehgal
priyagps at yahoo.co.in
Wed Sep 24 21:07:02 GMT 2008
Hi,
I wish to set up a Samba 4 server as a domain member of a Win 2k3 domain, with Active Directory support. The Samba server is on Fedora Core 6. Eventually, I would want to set this Samba 4 server up as a CIFS proxy for the Win2k3 domain.
But when I compile samba-4.0.0alpha4 and try to start smbd, it warns me about an unrecognized value ADS for security.
1. How should we compile samba-4 with Active Directory support?
I tried "configure --with-ads --with-krb5 --with-ldap", but it still gives the warning - unrecognized "ADS" for security.
Although I am able to join the domain and kinit also works fine for me, my Windows XP machine in the same domain cannot access the Linux Samba server in the domain. It gets the error - "The account is not authorized to login from this station".
Also, smbclient -L /linux_samba -k
gives the error :
"tree connect failed: Read error: Connection reset by peer."
I think there is something going wrong in the authentication. The call is not going to the Win2k3 server. I looked into the ethereal traces. It may be due to ADS security not being recognized by Samba.
Please let me know what could be wrong.
2. Also, I could not locate the new winbind binaries after make install. Is it not compiled? How can we compile it?
3. Also, FC6 already has samba 3.0.23c-2. Will this create any hurdle in installing Samba 4 on FC6?
Following is the set of packages and files on my system -
netbios name of linux server : linux_samba
Windows 2k3 Domain Controller : 192.168.6.217
DNS Server : 192.168.6.217
DomainName: PRIYADOMAIN.COM
I already have the following packages installed :
1. krb5-workstation-1.5-7
2. krb5-devel-1.5-7
3. krb5-libs-1.5-7
4. krb5-server-1.5-7
5. openldap-2.3.27-4
6. openldap-devel-2.3.27-4
My smb.conf file looks like this :
[globals]
netbios name = linux_samba
workgroup = PRIYADOMAIN
realm = PRIYADOMAIN.COM
preferred master = no
password server = 192.168.6.217
security = ads
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbindd separator = +
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
;template primary group = "Domain Users"
wins server = 192.168.6.217
hosts allow = 192.168.6.251
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = no
[homes]
comment = Home Directory
valid users = %S
read only = No
browseable = No
[share1]
path = /home/priya/test1
read only = no
write list = PRIYADOMAIN+user1
/etc/krb5.conf looks like this :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = PRIYADOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
PRIYADOMAIN.COM = {
kdc = 192.168.6.217:88
admin_server = 192.168.6.217
default_domain = priyadomain.com
}
priyadomain.com = {
kdc = 192.168.6.217:88
default_domain = priyadomain.com
}
PRIYADOMAIN = {
kdc = 192.168.6.217:88
default_domain = priyadomain.com
}
[domain_realm]
.kerberos.server = PRIYADOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/etc/nsswitch.conf looks like this:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns wins
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: db files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
Any help is appreciated.
Thanks and Regards,
Priya