[Samba] Confused about Active Directory, Winbind, and Kerberos

Rashid N. Achilov achilov-rn at askd.ru
Thu Nov 23 03:40:23 GMT 2006

On Thursday 23 November 2006 01:05, Michael Schurter wrote:
> Any suggestions would be appreciated.  I just want the tightest
> integration between Linux & Active Directory that extends to Linux
> services like ssh, apache, postfix/sasl, etc.

You need a krb5.conf. At least, it should be:
--- from here ---
        default_realm = YOUR.REALM

        YOUR.REALM = {
                kdc = your_windows_dc
                kpasswd_server = your_windows_dc
                admin_server = your_windows_dc

        default = SYSLOG:INFO:LOCAL1

        .yourdomain.ru = YOUR.REALM
        yourdomain.ru = YOUR.REALM
--- krb5.conf ---

Next, you should init Kerberos:
kinit administrator at YOUR.REALM

Next. you can join a domain (supposed, security=ads in smb.conf, 
realm = your.realm)
net ads join -U administrator -w your.realm

After that, you can add winbind into a nsswitch.conf (supposed, pam_winbind.so 
   With Best Regards.
   Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton
   OOO "ACK" telecommunications administrator, e-mail: achilov-rn [at] askd.ru
   PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A

More information about the samba mailing list