Samba 4 - how to enable ADS while compiling
Andrew Bartlett
abartlet at samba.org
Thu Sep 25 02:52:21 GMT 2008
On Thu, 2008-09-25 at 02:37 +0530, priya sehgal wrote:
> Hi,
> I wish to set up a samba 4 server as a domain member of a Win 2k3
> domain, with Active Directory support. The samba server is on a Fedora
> core 6 . Eventually, I would want to set this samba 4 server as a CIFS
> Proxy for Win2k3 domain.
>
> But, when I compile samba-4.0.0alpha4 and try to start smbd, it warns
> me about unrecognized value ADS for security.
>
> 1.How should we compile samba-4 with Active Directory support?
> I tried .configure --with-ads --with-krb5 --with-ldap., but still it
> gives the warning - unrecognized "ADS" for security.
Samba4 does not make any of these components optional. Don't specify
any of these options, they are already included.
The 'security=' parameter has been removed. See instead 'server role =
dc/member/standalone'. You want to be a member.
> Although, I am able to join the domain and kinit also works fine for
> me,
> my windows XP machine in the same domain cannot access linux samba
> server in the domain. It gets error - "The account is not authorized
> to login from this station".
>
> Also, smbclient -L /linux_samba -k
> gives the error :
> "tree connect failed: Read error: Connection reset by peer."
This is because you set the 'hosts allow'.
> I think there is something going wrong in the authentication. The call
> is not going to the Win2k3 server.
> I looked into the ethereal traces. It may be due to ADS security not
> recognized by samba.
> Please let me know what could be wrong?
Perhaps you can post the compressed traces to the list?
> 2.Also, I could not locate the new winbind binaries, after make
> install? Is it not compiled? how can we compile it?
This is included in smbd now.
> 3.Also, FC6 already has samba 3.0.23c-2. Will this create any hurdle
> in installing samba4 on FC6?
That depends where you install Samba4.
> Following is the set of packages and files on my system -
> netbios name of linux server : linux_samba
> Windows 2k3 Domain Controller : 192.168.6.217
> DNS Server : 192.168.6.217
> DomainName: PRIYADOMAIN.COM
>
> I already have the following packages installed :
> 1.krb5-workstation-1.5-7
> 2.krb5-devel-1.5-7
> 3.krb5-libs-1.5-7
> 4.krb5-server-1.5-7
> 5.openldap-2.3.27-4
> 6.openldap-devel-2.3.27-4
None of these are used or required. We have our own internal LDAP and
Kerberos code.
>
> My smb.conf file looks like this :
> [globals]
> netbios name = linux_samba
> workgroup = PRIYADOMAIN
> realm = PRIYADOMAIN.COM
> preferred master = no
> password server = 192.168.6.217
> security = ads
> encrypt passwords = yes
Remove all these, we don't use them.
> log level = 3
> log file = /var/log/samba/%m
> max log size = 50
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbindd separator = +
> idmap uid = 10000 - 20000
> idmap gid = 10000 - 20000
> ;template primary group = "Domain Users"
> wins server = 192.168.6.217
> hosts allow = 192.168.6.251
This will be why your connection is being reset.
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = no
>
> [homes]
> comment = Home Directory
> valid users = %S
> read only = No
> browseable = No
>
> [share1]
> path = /home/priya/test1
> read only = no
> write list = PRIYADOMAIN+user1
I would not use 'write list' in Samba4. It is certainly not hooked up,
I'm surprised it is even recognised. Please run 'testparm' over your
smb.conf
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
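
An added example, not part of the original message and not Samba code: a small Python check over a trimmed copy of the quoted smb.conf that flags the two parameters the reply calls out and tests whether a client address passes 'hosts allow'. It assumes 'hosts allow' holds only IP or CIDR entries; the function names and the denied client address used to exercise it are constructed for illustration.

```python
import ipaddress

# Parameters the reply calls out, with the advice given in the reply.
FLAGGED = {
    "security": "removed; reply says use 'server role = dc/member/standalone'",
    "write list": "reply says it is not hooked up in Samba4",
}

# Constructed sample: a trimmed copy of the smb.conf quoted in the thread.
SAMPLE_CONF = """\
[globals]
security = ads
hosts allow = 192.168.6.251
[share1]
path = /home/priya/test1
write list = PRIYADOMAIN+user1
"""

def parse(text):
    """Return [(section, key, value)]; keys lower-cased, inner spaces collapsed."""
    out, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            out.append((section, " ".join(key.lower().split()), value.strip()))
    return out

def findings(text):
    """List (section, key, advice) for every flagged parameter present."""
    return [(s, k, FLAGGED[k]) for s, k, _ in parse(text) if k in FLAGGED]

def host_allowed(text, client_ip):
    """True if client_ip matches every 'hosts allow' line (simplified:
    IP/CIDR entries only, no hostnames, EXCEPT clauses or per-share scoping)."""
    ip = ipaddress.ip_address(client_ip)
    for _, key, value in parse(text):
        if key != "hosts allow":
            continue
        nets = [ipaddress.ip_network(e, strict=False)
                for e in value.replace(",", " ").split()]
        if not any(ip in n for n in nets):
            return False
    return True
```

Running host_allowed() with the address of the Windows XP client or the smbclient host shows whether the 'hosts allow' line alone accounts for the reset before looking at authentication traces.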
More information about the samba-technical
mailing list