[Samba] Adding FreeBSD Samba Server to windows 2003 ADS

Alberto Moreno portsbsd at gmail.com
Tue Oct 31 18:53:15 GMT 2006


2006/10/31, Edward Irvine at home <eirvine at tpg.com.au>:
>
> Hi,
>
> It has been a while since I have looked at any of this. However, I do know
> you don't want to run a kdc on your FreeBSD server. Windows is the KDC.
>
> You do need to tell FreeBSD what realm you are in, and what the Windows
> ADS servers are:
>
> You might wish to try the following in your /etc/krb5.conf file:
>
> # /etc/krb5.conf
>
> [libdefaults]
>     default_realm        = EXAMPLE.COM
>     forwardable          = true
>     default_tgs_enctypes = rc4-hmac des-cbc-crc
>     default_tkt_enctypes = rc4-hmac des-cbc-crc
>
> [appdefaults]
>     default_realm = EXAMPLE.COM
>     pam = {
>         forwardable      = true
>         krb4_convert     = false
>         debug            = false
>     }
>
> [realms]
>     EXAMPLE.COM = {
>         kdc              = ads1.example.com:88
>         kdc              = ads2.example.com:88
>         admin_server     = ads1.example.com:749
>         kpasswd_server   = ads1.example.com:464
>         kpasswd_protocol = SET_CHANGE
>         default_domain   = example.com
>     }
>
> [domain_realm]
>     example.com = EXAMPLE.COM
>     .example.com = EXAMPLE.COM
>
> [logging]
>     default = FILE:/var/log/krb5lib.log
>
> Also, you might want to try this link:
>
> http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html
>
> Eddie
>
>
> Alberto Moreno wrote:
> > 2006/10/27, Guillermo Gutierrez <ggutierrez at marketscan.com>:
> >
> >>
> >> Thank you for your response.
> >> I have not been successful in trying to do this. I have found a how-to
> >> doing this with winbind and ldap but could not get them to work.
> >>
> >> -----Original Message-----
> >> From: samba-bounces+ggutierrez=marketscan.com at lists.samba.org [mailto:
> >> samba-bounces+ggutierrez=marketscan.com at lists.samba.org] On Behalf Of
> >> Alberto Moreno
> >> Sent: Thursday, October 26, 2006 11:51 PM
> >> To: samba at lists.samba.org
> >> Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
> >>
> >> 2006/3/29, Guillermo Gutierrez <ggutierrez at marketscan.com>:
> >> >
> >> > Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS
> >> > domain and utilize winbind/kerberos for authenticating domain users on it.
> >> > I have already done this with a Gentoo Samba server (which after I
> >> > realized how, turned out to be very easy) but it is a lot tougher to do
> >> > with FreeBSD.
> >> >
> >> > Has anyone on the list had any experience with it? The samba in the
> >> > FreeBSD ports is version 3.0.14a but I downloaded the source for
> >> > 3.0.21c so that I can use the latest version.
> >> >
> >> > thanks,
> >> >
> >> > Guillermo Gutierrez
> >> > Development Systems Engineer
> >> > Market Scan Information Systems Inc.
> >> > (818) 575-2000 x2427
> >> > ggutierrez at marketscan.com
> >> >
> >> > --
> >> > To unsubscribe from this list go to the following URL and read the
> >> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >> >
> >>
> >> Hi Guillermo, I'm working on this, but I see that this post is from March,
> >> just want to know if you succeeded with this? Did you have some tips about
> >> this situation? Is your system stable? Can you show me your settings?
> >>
> >> I already installed samba on freebsd 6-1 from ports with ADS support,
> >> tomorrow I will try to add that machine to the win2k3 AD domain, but my
> >> doubt is with the kerberos version that freebsd has by default, can we use
> >> that one..?
> >>
> >> We can enable krb5 from rc.conf, but do we need all the options there?
> >>
> >> #
> >> # kerberos. Do not run the admin daemons on slave servers
> >> #
> >>
> >> kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
> >> kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
> >> kerberos5_server_flags="" # Additional flags to the kerberos 5 server
> >> kadmind5_server_enable="NO" # Run kadmind (or NO)
> >> kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
> >> kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
> >> kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
> >>
> >> Which options do I need for this job..?
> >>
> >> I'm really just starting to work with samba, but the kerberos stuff is
> >> somewhat confusing, thanks for your time!!!
> >>
> >>
> >>
> >> --
> >> LIving the dream...
> >>
> >     I read some docs about the same situation with winbind+ldap but when I
> > tried, no success, but let me try with Kerberos and see what happens, I will
> > inform here in the list, see you man.
> >
> > LIving the dream...
>
>
   Thanks for that link, I will try it and let you know guys, right now I'm
setting up the ntp server on my lan to sync clocks between clients & servers.

  See you soon.

-- 
LIving the dream...
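
Added example (not part of the original thread, and not Samba or FreeBSD project code): a small Python check of the points raised above, namely that krb5.conf names an upper-case default realm with at least one kdc, that rc.conf does not enable a local KDC, kadmind or kpasswdd, and which configured enctypes have since been deprecated (RFC 6649, RFC 8429). The names parse_krb5 and audit and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the thread, not taken from a real host.
KRB5_CONF = """
[libdefaults]
    default_realm        = EXAMPLE.COM
    default_tgs_enctypes = rc4-hmac des-cbc-crc
[realms]
    EXAMPLE.COM = {
        kdc = ads1.example.com:88
    }
"""
RC_CONF = 'kerberos5_server_enable="NO"\nkadmind5_server_enable="NO"\n'

DEPRECATED = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "rc4-hmac"}  # RFC 6649, RFC 8429

def parse_krb5(text):
    """Return {section: {key: [values]}}; keys inside a block become 'BLOCK/key'."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):        # whole-line comments
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = m.group(1), None
        elif line == "}":
            block = None
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            block = m.group(1)
        elif "=" in line and section:
            key, val = (s.strip() for s in line.split("=", 1))
            name = f"{block}/{key}" if block else key
            conf.setdefault(section, {}).setdefault(name, []).append(val)
    return conf

def audit(krb5_text, rc_text):  # returns a list of finding strings
    conf, findings = parse_krb5(krb5_text), []
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", [""])[0]
    if not realm or realm != realm.upper():
        findings.append("default_realm missing or not upper case")
    if not conf.get("realms", {}).get(f"{realm}/kdc"):
        findings.append(f"no kdc listed for realm {realm}")
    for key in ("default_tgs_enctypes", "default_tkt_enctypes"):
        for enc in " ".join(lib.get(key, [])).split():
            if enc in DEPRECATED:
                findings.append(f"{key}: deprecated enctype {enc}")
    daemons = r'^((?:kerberos5|kadmind5|kpasswdd)_server_enable)="?YES"?'
    for m in re.finditer(daemons, rc_text, re.M | re.I):
        findings.append(f"rc.conf: {m.group(1)} is on, but the AD servers are the KDC")
    return findings
```

Calling audit(KRB5_CONF, RC_CONF) on the sample reports only the two enctype findings; pass the contents of /etc/krb5.conf and /etc/rc.conf to check a real host.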

