[Samba] my samba configuration walktrought for Active directory
Guillaume C.
guillaumechardin at yahoo.fr
Mon Apr 25 14:08:43 GMT 2005
after many mind storming, I finally release this
walktrought for configure samba in an active directory
(W2k3) environement. I hope that it will be usefull
for someone. This procedure can be followed in any
debian woody system, I think that it can be used in
user systems, but I don"t test it. The attached
configuration files are site specific for me but if
you read the samba doc, you can easily identify what
line you must modify for adpat the conf. to your own
site.
I hope that this mail will help some of you :)
1.2..3...
BEGIN
Install NTPDate (from dselect)
Install libtool (from dselect)
install LDAP-dev (from dselect
Install Ncurse 5-4
./configure --with-libtool --with-shared
--enable-termcap --enable-getcap --with-develop
make
make install
Install PAM-0.79
./configure
make
make install
{the linux box ask me some question when i install
PAM}
>>Do you wish to copy the ./access.conf file in this
distribution
>>to /etc/security/access.conf ? (y/n) i said N!
>>An older pam_env configuration file already exists
(/etc/security/pam_env.conf)
>>Do you wish to copy the ./pam_env.conf-example file
in this distribution
>>to /etc/security/pam_env.conf ? (y/n) i said N
>>An older pam_limits configuration file already
exists (/etc/security/limits.conf)
>>Do you wish to copy the ./limits.skel file in this
distribution
>>to /etc/security/limits.conf ? (y/n) i said N
Install Krb5 1.3.6
./configure --enable-dns-for-realm --enable-dns
make
make install
SAMBA 3.0.13
./configure --prefix=/usr --with-ads --with-krb5=/usr
--with-pam --with-ldap --with-quotas
--with-acl-support --with-winbind
--with-shared-modules=idmap_rid
make
make install
replace value in /etc/krb5.conf with your own
copy &/or modify nsswitch.conf
copy /samba_sourcedir/nsswitch/libnss_winbind.so in
/lib/ and create a symlink (ln -s) to
/lib/libnss_winbind.so.2
copy /samba_sourcedir/nsswitch/pam_winbind.so in
/lib/ and create a symlink (ln -s) to
/lib/pam_winbind.so.2
ntpdate serverIP
kinit -V administrator (if the krb5.conf is correctly
created, it will ask your directly for your realm.
net ads join "org_unit" -v (org_unit value is
facultative)
check in active directory if you have a computer named
like your linux samba server
then if you want you can add a host in your DNS
configuration... (i do this for a better performance.)
################OPTIONAL SWAT
CONFIGURATION###############
For a best samba configuration, create a good
configuration in /etc/inetd.conf
just add this line.
swat stream tcp nowait root
/usr/sbin/swat /usr/sbin/swat
(for connect to swat use your linux root password)
and check in /etc/services if the line under appear:
swat 901/tcp (901 is the defaut port)
this is just a draft, but i think that i will create a
full doc in some days. If you have any comment mail me
:)
best Regards
Gui
__________________________________________________________________
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
More information about the samba
mailing list