[Samba] Adding FreeBSD Samba Server to windows 2003 ADS
Edward Irvine at home
eirvine at tpg.com.au
Tue Oct 31 13:09:37 GMT 2006
Hi,
It has been a while since I have looked at any of this. However, I do know you don't want to run a kdc on your FreeBSD server. Windows is the KDC.
You do need to tell FreeBSD what realm you are in, and what the Windows ADS servers are:
You might wish to try the following in your /etc/krb5.conf file:
# /etc/krb5.conf
[libdefaults]
    default_realm = EXAMPLE.COM
    forwardable = true
    default_tgs_enctypes = rc4-hmac des-cbc-crc
    default_tkt_enctypes = rc4-hmac des-cbc-crc

[appdefaults]
    default_realm = EXAMPLE.COM
    pam = {
        forwardable = true
        krb4_convert = false
        debug = false
    }

[realms]
    EXAMPLE.COM = {
        kdc = ads1.example.com:88
        kdc = ads2.example.com:88
        admin_server = ads1.example.com:749
        kpasswd_server = ads1.example.com:464
        kpasswd_protocol = SET_CHANGE
        default_domain = example.com
    }

[domain_realm]
    example.com = EXAMPLE.COM
    .example.com = EXAMPLE.COM

[logging]
    default = FILE:/var/log/krb5lib.log

Also, you might want to try this link:
http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html
Eddie
Alberto Moreno wrote:
> 2006/10/27, Guillermo Gutierrez <ggutierrez at marketscan.com>:
>
>>
>> Thank you for your response.
>> I have not been successful in trying to do this. I have found a how-to
>> doing this with winbind and ldap but could not get them to work.
>>
>> -----Original Message-----
>> From: samba-bounces+ggutierrez=marketscan.com at lists.samba.org [mailto:
>> samba-bounces+ggutierrez=marketscan.com at lists.samba.org] On Behalf Of
>> Alberto Moreno
>> Sent: Thursday, October 26, 2006 11:51 PM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
>>
>> 2006/3/29, Guillermo Gutierrez <ggutierrez at marketscan.com>:
>> >
>> > Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS
>> > domain and utilize winbind/kerberos for authenticating domain users on
>> it.
>> > I have already done this with a Gentoo Samba server (which after I
>> > realized how, turned out to be very easy) but it is a lot tougher to do
>> with
>> > FreeBSD.
>> >
>> > Has anyone on the list had any experience with it. The samba in the
>> > FreeBSD ports is version 3.0.14a but I downloaded the source for
>> 3.0.21c so that I can use the latest version.
>> >
>> > thanks,
>> >
>> > Guillermo Gutierrez
>> > Development Systems Engineer
>> > Market Scan Information Systems Inc.
>> > (818) 575-2000 x2427
>> > ggutierrez at marketscan.com
>> >
>>
>> Hi Guillermo, I'm working on this, but I see that this post is from March,
>> just want to know if you succeeded with this? Do you have some tips about this
>> situation? Is your system stable? May you show me your settings?
>>
>> I already installed samba on freebsd 6-1 from ports with ADS support,
>> tomorrow i will try to add that machine to win2k3 AD domain, but my
>> doubt
>> is with the kerberos version that has freebsd by default, can we use that
>> one..?
>>
>> We can enable krb5 from rc.conf, but do we need all the options there?
>>
>> #
>> # kerberos. Do not run the admin daemons on slave servers
>> #
>>
>> kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
>> kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
>> kerberos5_server_flags="" # Additional flags to the kerberos 5 server
>> kadmind5_server_enable="NO" # Run kadmind (or NO)
>> kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
>> kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
>> kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
>>
>> Which options i need for this job..?
>>
>> I'm really just starting to work with samba, but the kerberos stuff is somewhat
>> confusing, thanks for your time!!!
>>
>>
>>
>> --
>> LIving the dream...
>>
> I read some docs about the same situation with winbind+ldap but when I
> try, no success, but let me try with Kerberos and see what happens, I will
> inform here in the list, see you man.
>
> LIving the dream...
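
An added example, not part of the original message: a small Python check for a krb5.conf like the one posted above, confirming that the default realm has KDCs listed under [realms] and flagging the DES and RC4 enctypes that such 2006-era configs enable. The function names `parse` and `audit` are hypothetical, and the sample is constructed from the message's own placeholder values.

```python
import re
# Constructed sample: the core of the krb5.conf from the message above.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tgs_enctypes = rc4-hmac des-cbc-crc
    default_tkt_enctypes = rc4-hmac des-cbc-crc
[realms]
    EXAMPLE.COM = {
        kdc = ads1.example.com:88
        kdc = ads2.example.com:88
    }
"""
# Single DES is deprecated by RFC 6649, RC4-HMAC by RFC 8429.
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "rc4-hmac", "arcfour-hmac"}

def parse(text):
    """Return {section: [(key, value)]}; realm blocks become 'realms/<REALM>'."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = line[1:-1], None
        elif line == "}":                        # closes a nested block
            block = None
        elif "=" in line and section:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                     # opens a nested block
                block = key
            else:
                name = f"{section}/{block}" if block else section
                conf.setdefault(name, []).append((key, value))
    return conf

def audit(text):  # returns (KDCs of the default realm, list of findings)
    conf = parse(text)
    lib = dict(conf.get("libdefaults", []))
    realm, findings = lib.get("default_realm", ""), []
    if not realm or realm != realm.upper():
        findings.append(f"default_realm {realm!r} should be the upper-case AD domain name")
    kdcs = [v for k, v in conf.get(f"realms/{realm}", []) if k == "kdc"]
    if not kdcs:
        findings.append(f"no kdc listed for {realm!r} in [realms]")
    for key in ("default_tgs_enctypes", "default_tkt_enctypes"):
        weak = [e for e in re.split(r"[\s,]+", lib.get(key, "")) if e.lower() in WEAK]
        if weak:
            findings.append(f"{key} allows deprecated: {' '.join(weak)}")
    return kdcs, findings
```

Running `audit(open("/etc/krb5.conf").read())` on the member server returns the KDC list to compare against the real domain controllers and one finding per weak setting.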