[Samba] Samba 3.0.7 domain membership with AD2003
Baron Robert
mollusque_des_bois at hotmail.com
Wed Oct 27 10:57:59 GMT 2004
hi guys,
I have problems with authentication in a 2003 domain membership
configuration of samba 3.0.7. I'm a newbie in linux systems, so I will
give you my configuration process of the program.
The samba server is installed on a Redhat 9.0 without any base install of
samba, without kerberos and with the open LDAP RPM installed. I follow this
procedure to build binaries from sources and install kerberos5 and samba:
1] Network configuration :
a)linux: 10.10.10.2 255.255.255.0
DNS: 10.10.10.1
no firewall configured
NetBIOS name: MELKOR
b)windows 2003: 10.10.10.1 255.255.255.0
With DNS server and AD (testredhat.priv)
NetBIOS name: UNGOLIANT
1]installation of kerberos:
a)compilation: ./configure --enable-dns --enable-dns-for-kdc --enable-dns-for-realm
make
make install
b) here is my /etc/krb5.conf file
#####/etc/krb5.conf#####
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = TESTREDHAT.PRIV
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
TESTREDHAT.PRIV = {
kdc = ungoliant.testredhat.priv:88
admin_server = ungoliant.testredhat.priv:749
default_domain = TESTREDHAT.PRIV
}
[domain_realm]
.testredhat.priv = TESTREDHAT.PRIV
testredhat.priv = TESTREDHAT.PRIV
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
#####End of file#####
c) authentication test with kinit = no problem.
kinit administrator@TESTREDHAT.PRIV
2]samba installation
a) Source compilation (V3.0.7)
./configure --with-ldap --with-krb5=/usr/kerberos --with-ads --with-winbind
make
make install
b) here is my smb.conf file
#####smb.conf#####
[global]
workgroup = TESTREDHAT
netbios name = MELKOR
realm = TESTREDHAT.PRIV
security = ADS
password server = ungoliant.testredhat.priv
encrypt password = yes
printcap name = cups
disable spoolss = Yes
show add printer wizard = No
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind use default domain = Yes
use sendfile = Yes
printing = cups
#share#
[data]
comment = Data warehouse directory
path = /data
read only = No
#####end of file#####
c) adding samba server to domain:
net ads join -U administrator
==> no problem
d) I start samba with a script:
#####begin of script#####
/usr/local/samba/sbin/nmbd -D --configfile=/usr/local/samba/lib/smb.conf
/usr/local/samba/sbin/smbd -D --configfile=/usr/local/samba/lib/smb.conf
/usr/local/samba/sbin/winbind -D --configfile=/usr/local/samba/lib/smb.conf
#####end of script#####
-------------------------------------------------
Communication test from the linux server:
ping 10.0.0.1 => ok
smbclient -L -U administrateur => lists all the shares on the Windows server.
test from the windows server:
ping melkor => ok
\\melkor\data => fails and asks me again to enter password and username
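Added example, not part of the original message: a small cross-check of the smb.conf [global] settings against krb5.conf for an ADS member server, run over a constructed subset of the values posted above. The function names, the KNOWN_GLOBALS list and the single-realm, single "password server" simplification are assumptions of this example.

```python
import re

# Constructed sample input: a subset of the settings posted in the message above.
SMB_CONF = """[global]
realm = TESTREDHAT.PRIV
security = ADS
password server = ungoliant.testredhat.priv
encrypt password = yes
"""
KRB5_CONF = """[libdefaults]
default_realm = TESTREDHAT.PRIV
[realms]
TESTREDHAT.PRIV = {
kdc = ungoliant.testredhat.priv:88
}
"""
# Assumption: only the [global] names used in this message, spelled as in smb.conf(5).
KNOWN_GLOBALS = {"workgroup", "netbios name", "realm", "security", "password server",
                 "encrypt passwords", "printcap name", "disable spoolss", "printing",
                 "show add printer wizard", "idmap uid", "idmap gid", "use sendfile",
                 "winbind separator", "winbind use default domain"}

def parse(text):
    """Yield (section, key, value); skips comments, blank lines and braces."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).lower()
        elif "=" in line and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            yield section, " ".join(key.lower().split()), value

def check(smb_text, krb_text):
    """List mismatches between smb.conf [global] and krb5.conf (single realm assumed)."""
    smb = {k: v for s, k, v in parse(smb_text) if s == "global"}
    krb = list(parse(krb_text))
    realm = next((v for s, k, v in krb if (s, k) == ("libdefaults", "default_realm")), "")
    kdcs = {v.split(":")[0].lower() for s, k, v in krb if (s, k) == ("realms", "kdc")}
    findings = [msg for bad, msg in (
        (smb.get("security", "").lower() != "ads", "security is not ADS"),
        (smb.get("realm", "").upper() != realm.upper(), "realm differs from default_realm"),
        (smb.get("password server", "").lower() not in kdcs, "password server is not a kdc"),
    ) if bad]
    unknown = sorted(set(smb) - KNOWN_GLOBALS)
    return findings + [f"unknown [global] parameter: {n}" for n in unknown]

print(check(SMB_CONF, KRB5_CONF))
```

On a live system, Samba's own testparm reports unrecognised parameter names in smb.conf; this sketch only adds the comparison with krb5.conf.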