[Samba] Adding FreeBSD Samba Server to windows 2003 ADS

Edward Irvine at home eirvine at tpg.com.au
Tue Oct 31 13:09:37 GMT 2006


Hi,

It has been a while since I have looked at any of this. However, I do know you don't want to run a kdc on your FreeBSD server. Windows is the KDC.

You do need to tell FreeBSD what realm you are in, and what the Windows ADS servers are:

You might wish to try the following in your /etc/krb5.conf file:

# /etc/krb5.conf

[libdefaults]
    default_realm        = EXAMPLE.COM
    forwardable          = true
    default_tgs_enctypes = rc4-hmac des-cbc-crc
    default_tkt_enctypes = rc4-hmac des-cbc-crc

[appdefaults]
    default_realm = EXAMPLE.COM
    pam = {
        forwardable      = true
        krb4_convert     = false
        debug            = false
    }

[realms]
    EXAMPLE.COM = {
        kdc              = ads1.example.com:88
        kdc              = ads2.example.com:88
        admin_server     = ads1.example.com:749
        kpasswd_server   = ads1.example.com:464
        kpasswd_protocol = SET_CHANGE
        default_domain   = example.com
    }

[domain_realm]
    example.com = EXAMPLE.COM
   .example.com = EXAMPLE.COM

[logging]
    default = FILE:/var/log/krb5lib.log

Also, you might want to try this link:

http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html

Eddie


Alberto Moreno wrote:
> 2006/10/27, Guillermo Gutierrez <ggutierrez at marketscan.com>:
> 
>>
>> Thank you for your response.
>> I have not been successful in trying to do this. I have found a how-to
>> doing this with winbind and ldap but could not get them to work.
>>
>> -----Original Message-----
>> From: samba-bounces+ggutierrez=marketscan.com at lists.samba.org [mailto:
>> samba-bounces+ggutierrez=marketscan.com at lists.samba.org] On Behalf Of
>> Alberto Moreno
>> Sent: Thursday, October 26, 2006 11:51 PM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
>>
>> 2006/3/29, Guillermo Gutierrez <ggutierrez at marketscan.com>:
>> >
>> > Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS
>> > domain and utilize winbind/kerberos for authenticating domain users on it.
>> > I have already done this with a Gentoo Samba server (which after I
>> > realized how, turned out to be very easy) but it is a lot tougher to do with
>> > FreeBSD.
>> >
>> > Has anyone on the list had any experience with it? The samba in the
>> > FreeBSD ports is version 3.0.14a but I downloaded the source for
>> > 3.0.21c so that I can use the latest version.
>> >
>> > thanks,
>> >
>> > Guillermo Gutierrez
>> > Development Systems Engineer
>> > Market Scan Information Systems Inc.
>> > (818) 575-2000 x2427
>> > ggutierrez at marketscan.com
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>> >
>>
>> Hi Guillermo, I'm working on this, but I see that this post is from March,
>> just want to know if you succeeded with this? Did you have some tips about this
>> situation? Is your system stable? May you show me your settings?
>>
>> I already installed samba on freebsd 6-1 from ports with ADS support,
>> tomorrow I will try to add that machine to win2k3 AD domain, but my doubt
>> is with the kerberos version that freebsd has by default, can we use that
>> one..?
>>
>> We can enable krb5 from rc.conf, but do we need all the options there?
>>
>> #
>> # kerberos. Do not run the admin daemons on slave servers
>> #
>>
>> kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
>> kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
>> kerberos5_server_flags="" # Additional flags to the kerberos 5 server
>> kadmind5_server_enable="NO" # Run kadmind (or NO)
>> kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
>> kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
>> kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
>>
>> Which options do I need for this job..?
>>
>> I'm really just starting to work with samba, but the kerberos stuff is somewhat
>> confusing, thanks for your time!!!
>>
>>
>>
>> -- 
>> LIving the dream...
>>
>     I read some docs about the same situation with winbind+ldap but when I
> try, no success, but let me try with Kerberos and see what happens, I will
> inform here in the list, see you man.
> 
> LIving the dream...
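
A sanity check for a krb5.conf like the one in the reply above, written as an added example (not code from this thread or from the Samba project): it parses the file and reports a default realm with no KDC, domain mappings that point at an undefined realm, and enctype lists that still permit DES or RC4, which RFC 6649 and RFC 8429 deprecate. The names `parse_krb5` and `audit` and the sample text are constructed for this illustration.

```python
# Constructed sample modelled on the krb5.conf in the post (placeholder realm EXAMPLE.COM).
SAMPLE = """\
[libdefaults]
    default_realm        = EXAMPLE.COM
    default_tgs_enctypes = rc4-hmac des-cbc-crc
    default_tkt_enctypes = rc4-hmac des-cbc-crc
[realms]
    EXAMPLE.COM = {
        kdc = ads1.example.com:88
        kdc = ads2.example.com:88
    }
[domain_realm]
    .example.com = EXAMPLE.COM
"""
WEAK = {"des-cbc-crc", "des-cbc-md5", "rc4-hmac", "arcfour-hmac"}  # RFC 6649, RFC 8429

def parse_krb5(text):
    """Parse [sections], 'key = value' pairs and one level of { } nesting."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                 # opens a realm or appdefaults block
                block = section.setdefault(key, {})
            else:                            # values are lists so repeated keys (kdc) accumulate
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def audit(conf):
    """Return findings for a krb5.conf used by a Samba ADS member server."""
    lib, realms, findings = conf.get("libdefaults", {}), conf.get("realms", {}), []
    realm = lib.get("default_realm", [""])[0]
    if not realms.get(realm, {}).get("kdc"):
        findings.append(f"no kdc listed for default_realm {realm!r}")
    findings += [f"{dom} maps to undefined realm {target[0]}"
                 for dom, target in conf.get("domain_realm", {}).items() if target[0] not in realms]
    for key in ("default_tgs_enctypes", "default_tkt_enctypes"):
        encs = lib.get(key, [""])[0].replace(",", " ").split()
        findings += [f"{key} allows deprecated {e}" for e in encs if e in WEAK]
    return findings
if __name__ == "__main__":
    print("\n".join(audit(parse_krb5(SAMPLE))) or "no findings")
```

To check a real host, pass the contents of /etc/krb5.conf to `parse_krb5` instead of `SAMPLE`.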


