[Samba] Re: Problems with Samba and Windows 2003 Active Domain Server

M Maki mmaki at adelphia.net
Thu Jun 9 17:08:58 GMT 2005


> Any and all help greatly appreciated. It shouldn't be this hard to make
> Windows and Linux work together. sigh!
> 
> 	markh

Mark,

This is how I do it for a WIN2K3 Active Directory domain. I only have 
rights to add computers to our domain and this has worked great for me. 
Took me a few days to get it right. It's not Fedora, maybe it will 
convert you to Debian! I have this documented internally. I should post 
it somewhere public.

Samba Install on Debian Sarge (now Stable!) from Net Install 
http://www.debian.org/CD/netinst/

Install Debian. Don't add any packages during install:

Run command:
apt-get install sudo libkrb5-dev krb5-user libldap2-dev acl libacl1-dev quota quotatool rdate

I use sudo that's why it is included. I guess you can do it all as root.

You don't need the quota packages if you're not using quotas.
I use rdate to keep my clocks in sync.

Run the commands:

wget http://us2.samba.org/samba/ftp/samba-latest.tar.gz

tar xvzf samba-latest.tar.gz

cd samba-3.0.14a/source

./configure --with-winbind --with-ads --with-quotas --with-acl-support --with-mandir=/usr/share/man

make && sudo make install

cp nsswitch/libnss_winbind.so /lib

ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

touch /etc/ld.so.conf

/sbin/ldconfig -v | grep winbind

My /usr/local/samba/lib/smb.conf

[global]

         workgroup = PWR
         realm = PWR.INT.XYZ.COM
         security = ADS
         password server = pwroakdc1.pwr.int.xyz.com
         log file = /usr/local/samba/var/%m.log
         preferred master = No
         local master = No
         domain master = No
         wins server = 192.168.1.22
         idmap uid = 10000-40000
         idmap gid = 10000-40000
         # winbind use default domain = Yes
         winbind enum users = No
         winbind enum groups = No
         winbind nested groups = Yes
         socket options = TCP_NODELAY SO_RCVBUF=8192

[users]
         path = /home/users
         read only = No
         admin users = "PWR\mmaki"

I don't use winbind enum users because we have over 20K users in our domain.

ONLY changes to my /etc/nsswitch.conf

  passwd:         files compat winbind
  group:          files compat winbind
  shadow:               compat

My COMPLETE /etc/krb5.conf

[libdefaults]
         default_realm = PWR.INT.XYZ.COM

[realms]
         PWR.INT.XYZ.COM = {
         kdc = pwroakdc1.pwr.int.xyz.com
         kdc = inppwrodc.pwr.int.xyz.com
         }

[domain_realm]
         .pwr.int.xyz.com = PWR.INT.XYZ.COM


My /etc/fstab for using quotas:

/dev/sda1 /home/users ext3 defaults,acl,usrquota,grpquota  0   2

My hosts (/etc/hosts)

add

192.168.1.12  sambaserver.pwr.int.xyz.com  sambaserver

and remove sambaserver from localhost

My /etc/init.d/samba

#!/bin/sh
# Not the best but it works
#
# Start the Samba daemons (nmbd and smbd).
#
/usr/local/samba/sbin/nmbd -D
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/winbindd -B

Run the commands:
ln -s /etc/init.d/samba /etc/rc2.d/S80samba
chmod go+x /etc/init.d/samba

Run command:
/usr/local/samba/bin/net ads join -U adminuser@PWR.INT.XYZ.COM

If successfully joined you should be on your way!

Good Luck,

Mike
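
An added example, not part of the original message: a shell check to run on an smb.conf / krb5.conf pair like the one above before `net ads join`. It flags a realm that differs between the two files (Kerberos realm names are case-sensitive), a default_realm that is not upper case, and a [global] parameter set more than once, where Samba keeps only the last value. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (helper names are hypothetical): pre-join config check.

# Emit "key=value" (key lower-cased, both sides trimmed) for each setting
# in [SECTION]; SECTION is given in lower case, e.g. global or libdefaults.
section_kv() {  # section_kv FILE SECTION
    awk -v sec="[$2]" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = (tolower($0) == sec); next }
        insec && (i = index($0, "=")) {
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print k "=" v
        }' "$1"
}

# Print one line per finding; the return status is the number of findings.
check_ads_conf() {  # check_ads_conf SMB_CONF KRB5_CONF
    n=0
    smb_realm=$(section_kv "$1" global | sed -n 's/^realm=//p' | tail -n 1)
    krb_realm=$(section_kv "$2" libdefaults | sed -n 's/^default_realm=//p' | tail -n 1)
    if [ "$smb_realm" != "$krb_realm" ]; then
        echo "realm mismatch: smb.conf '$smb_realm', krb5.conf '$krb_realm'"
        n=$((n + 1))
    fi
    if [ "$krb_realm" != "$(printf %s "$krb_realm" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "default_realm '$krb_realm' is not upper case"
        n=$((n + 1))
    fi
    dups=$(section_kv "$1" global | cut -d= -f1 | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "$dups" | sed 's/^/set more than once in [global], last one wins: /'
        n=$((n + $(echo "$dups" | wc -l)))
    fi
    return "$n"
}

# Constructed sample pair that triggers all three findings.
write_samples() {  # write_samples DIR
    printf '%s\n' '[global]' '  realm = PWR.INT.XYZ.COM' \
        '  socket options = TCP_NODELAY' \
        '  socket options = SO_RCVBUF=8192' > "$1/smb.conf"
    printf '%s\n' '[libdefaults]' '  default_realm = PWR.INT.xyz.com' > "$1/krb5.conf"
}

d=$(mktemp -d)
write_samples "$d"
check_ads_conf "$d/smb.conf" "$d/krb5.conf" || echo "$? finding(s)"
rm -rf "$d"
```

Against real files the call would be `check_ads_conf /usr/local/samba/lib/smb.conf /etc/krb5.conf`; a zero exit status means none of the three problems was found.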



