[Samba] Re: Problems with Samba and Windows 2003 Active DomainServer
Mark A. Holm
markh at infoarch.com
Fri Jun 10 07:14:29 GMT 2005
The one overwhelming theme that I keep running across with my Linux installations is that you cannot deploy the packages that come
with the distributions. Which always makes me wonder why the packages exist in the first place, if you can't make them work in a
real environment.
The steps that I am doing follow both what you did and each of the different tutorials I found, with the exception of compiling the
Samba packages from source. Has anybody been able to make this work using the distributed packages from the Fedora distribution or
SuSE? This installation was my first test to see how easy/hard this was going to be. I have another client that is looking at
deploying approximately 200 workstations. If I have to hand compile each new machine, these will take a lot longer to deploy, even
with scripting and a centralized distribution server.
markh
-----Original Message-----
From: samba-bounces+markh=infoarch.com at lists.samba.org [mailto:samba-bounces+markh=infoarch.com at lists.samba.org] On Behalf Of M Maki
Sent: Thursday, June 09, 2005 10:09 AM
To: samba at lists.samba.org
Subject: [Samba] Re: Problems with Samba and Windows 2003 Active DomainServer
> Any and all help greatly appreciated. It shouldn't be this hard to make
> Windows and Linux work together. sigh!
>
> markh
Mark,
This is how I do it for a WIN2K3 Active Directory domain. I only have
rights to add computers to our domain and this has worked great for me.
Took me a few days to get it right. It's not Fedora, maybe it will
convert you to Debian! I have this documented internally. I should post
it somewhere public.
Samba Install on Debian Sarge (now Stable!) from Net Install
http://www.debian.org/CD/netinst/
Install Debian. Don't add any packages during install:
Run command:
apt-get install sudo libkrb5-dev krb5-user libldap2-dev acl libacl1-dev quota quotatool rdate
I use sudo that's why it is included. I guess you can do it all as root.
You don't need the quota packages if you're not using quotas.
I use rdate to keep my clocks in sync.
Run the commands:
wget http://us2.samba.org/samba/ftp/samba-latest.tar.gz
tar xvzf samba-latest.tar.gz
cd samba-3.0.14a/source
./configure --with-winbind --with-ads --with-quotas --with-acl-support --with-mandir=/usr/share/man
make && sudo make install
cp nsswitch/libnss_winbind.so /lib
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
touch /etc/ld.so.conf
/sbin/ldconfig -v | grep winbind
My /usr/local/samba/lib/smb.conf
[global]
workgroup = PWR
realm = PWR.INT.XYZ.COM
security = ADS
password server = pwroakdc1.pwr.int.xyz.com
log file = /usr/local/samba/var/%m.log
preferred master = No
local master = No
domain master = No
wins server = 192.168.1.22
idmap uid = 10000-40000
idmap gid = 10000-40000
# winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192
[users]
path = /home/users
read only = No
admin users = "PWR\mmaki"
I don't use winbind enum users because we have over 20K users in our domain.
ONLY changes to my /etc/nsswitch.conf
passwd: files compat winbind
group: files compat winbind
shadow: compat
My COMPLETE /etc/krb5.conf
[libdefaults]
default_realm = PWR.INT.XYZ.COM
[realms]
PWR.INT.XYZ.COM = {
kdc = pwroakdc1.pwr.int.xyz.com
kdc = inppwrodc.pwr.int.xyz.com
}
[domain_realm]
.pwr.int.xyz.com = PWR.INT.XYZ.COM
My /etc/fstab for using quotas:
/dev/sda1 /home/users ext3 defaults,acl,usrquota,grpquota 0 2
My hosts (/etc/hosts)
add
192.168.1.12 sambaserver.pwr.int.xyz.com sambaserver
and remove sambaserver from localhost
My /etc/init.d/samba
#!/bin/sh
# Not the best but it works
#
# Start the Samba daemons (nmbd and smbd).
#
/usr/local/samba/sbin/nmbd -D
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/winbindd -B
Run the commands:
ln -s /etc/init.d/samba /etc/rc2.d/S80samba
chmod go+x /etc/init.d/samba
Run command:
/usr/local/samba/bin/net ads join -U adminuser@PWR.INT.XYZ.COM
If successfully joined you should be on your way!
Good Luck,
Mike
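
A pre-join consistency check for the three files listed in the message above, added here as an example; it is not part of the original post and not a Samba tool. The function names (conf_value, dup_params, check_join_config) are hypothetical and the sample files are constructed. It flags mismatches that break or silently alter a join, such as a realm spelled with different case in smb.conf and krb5.conf, or a parameter set twice in one section.

```shell
#!/bin/sh
# Added example, not from the post: sanity-check files before "net ads join".

# Print the last value of KEY in an ini-style FILE (key match ignores case).
conf_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) { val = substr($0, index($0, "=") + 1)
                                     gsub(/^[ \t]+|[ \t]+$/, "", val); last = val }
        END { print last }' "$1"
}

# Print smb.conf parameters that are set more than once within one section.
dup_params() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = $0; next }
        /=/ { key = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", key)
              if (seen[sect, key]++ == 1) print key }' "$1"
}

# check_join_config SMBCONF KRB5CONF NSSWITCH: print problems, return 1 if any.
check_join_config() {
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    realm=$(conf_value "$1" realm)
    krb=$(conf_value "$2" default_realm)
    sec=$(conf_value "$1" security | tr '[:lower:]' '[:upper:]')
    [ "$sec" = ADS ] || fail "security is '$sec', expected ADS"
    # Kerberos realm names are case-sensitive, so compare byte for byte.
    [ "$realm" = "$krb" ] || fail "realm '$realm' != default_realm '$krb'"
    grep -q "^[[:space:]]*$krb[[:space:]]*=[[:space:]]*{" "$2" ||
        fail "krb5.conf has no [realms] entry named '$krb'"
    for db in passwd group; do
        grep -Eq "^$db:.*winbind" "$3" || fail "nsswitch $db lacks winbind"
    done
    dups=$(dup_params "$1" | paste -sd, -)
    [ -z "$dups" ] || fail "set twice in one section (last wins): $dups"
    [ "$problems" -eq 0 ]
}

# Constructed sample files, modelled on the layout used in the post.
d=$(mktemp -d)
printf '[global]\nrealm = PWR.INT.XYZ.COM\nsecurity = ADS\nsocket options = TCP_NODELAY\nsocket options = SO_RCVBUF=8192\n' > "$d/smb.conf"
printf '[libdefaults]\ndefault_realm = PWR.INT.xyz.com\n[realms]\nPWR.INT.xyz.com = {\nkdc = pwroakdc1.pwr.int.xyz.com\n}\n' > "$d/krb5.conf"
printf 'passwd: files compat winbind\ngroup: files compat winbind\nshadow: compat\n' > "$d/nsswitch.conf"
check_join_config "$d/smb.conf" "$d/krb5.conf" "$d/nsswitch.conf" || echo "fix the above before joining"
rm -rf "$d"
```

On a real host, call check_join_config with /usr/local/samba/lib/smb.conf, /etc/krb5.conf and /etc/nsswitch.conf in place of the sample files.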