[Samba] Samba 3.0.14a, Windows 2k3 and ADS

John H Terpstra jht at Samba.Org
Fri May 13 11:06:22 GMT 2005


On Friday 13 May 2005 04:59, sysrm wrote:
> Thanks John,
>
> Is there any specific chapter I should be looking at?

Chapter 7 covers Samba as an ADS Domain Member server.

>
> Searches for the -F switch, adding accounts via samba etc didn't turn up
> anything.
>
> Also it seems to be written more with Samba as the PDC, which isn't the case
> for me.

Nope. Chapter 7 deals with domain member servers and clients in general. It 
includes ADS members.

With ADS your Samba server should use Kerberos. To do that on RHEL3 will 
require a lot of work. RHEL3 has MIT KRB 1.2.7 - that will not play well with 
W2K3 ADS for which at least 1.3.4 is needed.

Further comments below.

>
> Thanks anyways
>
> Ross
>
> -----Original Message-----
> From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
> [mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
> John H Terpstra
> Sent: 13 May 2005 11:32
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 3.0.14a, Windows 2k3 and ADS
>
> Ross,
>
> You may find some useful info in the book "Samba-3 by Example" that answers
> your questions. It can be downloaded from:
>
> http://www.samba.org/samba/docs/Samba-Guide.pdf
>
>
> Cheers,
> John T.
>
> On Friday 13 May 2005 04:21, sysrm wrote:
> > Hi all
> >
> > Thanks for everyone's help so far with trying to get these all working.
> >
> > I am now at the stage where I can log on to the domain and access a
> > Samba share without having to enter a username and password (i.e. Samba
> > is using AD to authenticate).
> >
> > My system is setup like so:
> >
> > Windows 2k3 PDC (so I get group policy features, bad password
> > attempts, account expiry etc) Samba 3.0.14a on RH es3 linux FileStore
> > ( peoples Home drive email etc )
> >
> > Now I have a couple of questions...
> >
> > 1. I can use the net rpc add user command to add users; when I do this
> > they are disabled in Windows AD, and I've been unable to find any
> > documentation of the -F switch (which is where I assume you can say if
> > they are disabled, what their home directory is, and where to map it
> > etc.)

I am documenting this now in the Samba-HOWTO-Collection.

> > 2. In various HOWTOs, docs etc. people talk about using Samba as the
> > PDC and OpenLDAP etc. Is the above system using LDAP, i.e. Windows
> > 2k3 AD? Or is what I have using Kerberos?

Kerberos.

> > 3. Assuming I'm not using LDAP, I have a script that currently runs
> > every 15 mins and brings out a user,cryptpasswd list of my users and
> > gives it out to various services (such as .htaccess and squid). Either
> > by using LDAP or another way, how is this possible to do? Since the
> > users are no longer on the Linux box (locally).

Use winbind - see chapter 7.

- John T.

> > Many thanks!
> >
> > Ross
>
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

