[Samba] Sanity check my setup....

Kristian Davies kristian.davies at gmail.com
Fri Aug 8 11:17:37 GMT 2008


This is my first step into the world of samba and I was wondering if
the members of the group wouldn't mind casting a quick eye on my
setup.

Essentially we just want Samba integrated with AD so we can access the
Unix file systems.

Any comment will be gratefully received...!

Cheers,
Kristian



Everything seems to work, although we do get these errors:

[2008/08/08 11:41:13,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
  Username ABC+MYMACHINE$ is invalid on this system
[2008/08/08 11:50:24,  1] libsmb/clientgen.c:cli_rpc_pipe_close(559)
  cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x800f to
machine abcosdcmp01.ad.abc.local.  Error was SUCCESS - 0
 [2008/08/08 11:50:24,  1] libsmb/clientgen.c:cli_rpc_pipe_close(559)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4023
to machine abcosdcmp01.ad.abc.local.  Error was SUCCESS - 0

Samba server is CentOS 4.4
Samba version is 3.2.1

 # Build-and-join steps as posted: remove the distro Samba packages, build
 # Samba from source into /disk1/samba, make its libraries resolvable, start
 # the daemons, then join the host to the AD domain.
 remove all samba rpms

 # Configure with ADS/Kerberos, PAM, winbind, ACL and quota support.
 # smb.conf is read from /etc/samba and logs go under /var/log/samba.
 # NOTE(review): --enable-socket-wrapper turns on the socket_wrapper library
 # that Samba's self-test harness uses to redirect network sockets; it is
 # not intended for a production build. Confirm, then drop the flag.
 ./configure --prefix=/disk1/samba --with-ads --with-krb5  --with-pam
--with-winbind \
 --with-syslog --with-quotas --with-acl-support --with-automount
--with-cifsmount \
 --with-aio --enable-socket-wrapper --with-configdir=/etc/samba
--with-logfilebase=/var/log/samba

 make
 make install

 # Hand-made soname links so the runtime linker can resolve the freshly
 # built libraries by the versioned names the binaries ask for.
 cd /disk1/samba/lib
 ln -s libtalloc.so libtalloc.so.1
 ln -s libtdb.so libtdb.so.1
 ln -s libwbclient.so libwbclient.so.0

 # NOTE(review): the LD_LIBRARY_PATH export below replaces any existing
 # value and makes every program started from root's shell search
 # /disk1/samba/lib first, so that directory must be writable by root only.
 # An environment set in ~/.bashrc is presumably not seen by an init script
 # run at boot. Registering the directory with the system linker
 # configuration (ld.so.conf + ldconfig) avoids both problems.
add to root account ~/.bashrc
 export PATH=/disk1/samba/bin:$PATH
 export LD_LIBRARY_PATH=/disk1/samba/lib

 /etc/init.d/samba start #(contains winbind too)

 # NOTE(review): a password given after % on the command line ends up in
 # shell history and is visible in the process list while the join runs.
 # With only -Udomain_admin, net prompts for the password instead.
 net ads join -Udomain_admin%"password"

FIN.

/etc/krb5.conf

# /etc/krb5.conf - Kerberos client settings for the AD realm AD.ABC.LOCAL.

# Log destinations. The kdc and admin_server entries configure the KDC and
# kadmind daemons, so on a host that is only an AD member they presumably
# have no effect. Confirm whether they are needed.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

# The host-to-realm mapping comes from [domain_realm] (DNS TXT lookup off).
# KDCs may be located through DNS SRV records (dns_lookup_kdc on).
[libdefaults]
 default_realm = AD.ABC.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = true

# NOTE(review): this is a second [libdefaults] header. How repeated sections
# are combined depends on the parser, so consider merging it with the one above.
# NOTE(review): the three settings below restrict tickets to rc4-hmac only.
# RC4-HMAC is a weak encryption type, and its key is derived from the
# unsalted NT password hash. Where the domain controllers and the local
# Kerberos library both support AES (aes256-cts-hmac-sha1-96,
# aes128-cts-hmac-sha1-96), list those first. Confirm what this AD
# domain offers before changing.
[libdefaults]
 default_tkt_enctypes = rc4-hmac
 default_tgs_enctypes = rc4-hmac
 permitted_enctypes = rc4-hmac

# A single KDC is pinned here, while the Samba log in this post shows the
# host talking to abcosdcmp01. With dns_lookup_kdc on, the explicit kdc
# entry is presumably optional. Confirm.
# NOTE(review): admin_server points at port 389, which is the LDAP port.
# kadmin conventionally listens on 749, and AD handles Kerberos password
# changes through kpasswd on 464. Verify that this entry is used at all.
[realms]
 AD.ABC.LOCAL = {
 kdc = abcosdcmp03.ad.abc.local:88
 admin_server = abcosdcmp03.ad.abc.local:389
 default_domain = ad.abc.local
 }

# Map DNS names under ad.abc.local (and the domain itself) to the realm.
[domain_realm]
 .ad.abc.local = .AD.ABC.LOCAL
 ad.abc.local = AD.ABC.LOCAL

# Points at a KDC profile; presumably left over from the distribution's
# sample file, since this host is not a KDC. Confirm.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

# Defaults for the Kerberos PAM module. Both lifetimes are 36000,
# presumably seconds (10 hours). Confirm against the pam_krb5 documentation.
# Tickets are forwardable and Kerberos 4 conversion is off.
[appdefaults]
 pam = {
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false
 }

/etc/nsswitch.conf

# /etc/nsswitch.conf - name service lookup order.
# "files" comes first for passwd/group, so a local account (root included)
# always wins over a domain account of the same name resolved by winbind.
# NOTE(review): winbind presumably serves only passwd and group, which
# would make the winbind entry on the shadow line a no-op. Confirm, then
# remove it.
# NOTE(review): nisplus and nis are still consulted after winbind. If NIS
# is not in use at this site, drop them so that failed lookups do not fall
# through to services that are not there.
passwd:     files winbind nisplus nis
shadow:     files winbind nisplus nis
group:      files winbind nisplus nis
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files dns
protocols:  files
rpc:        files
services:   files
netgroup:   nis
publickey:  files
automount:  files
aliases:    files

/etc/samba/smb.conf

# /etc/samba/smb.conf - global settings for an AD member server.
# No share sections appear in this post, only [global].
[global]
unix charset = LOCALE
# AD short (NetBIOS) domain name and Kerberos realm; security = ADS below
# makes smbd authenticate as a domain member using Kerberos.
workgroup = ABC
realm = AD.ABC.LOCAL
# "*" lets Samba locate a domain controller itself instead of naming one.
password server = *
netbios name = satansgate
# %v expands to the Samba version and %I to the client's IP address, so the
# server string advertises the exact version to anyone browsing the server.
# NOTE(review): consider dropping %v.
server string = satansgate %v on (%I)
security = ADS
# Do not compete to become the local master browser.
local master = no
os level = 33
# Level 1 to both the log files and syslog; one log file per client machine
# name (%m); max log size is given in kilobytes.
log level = 1
syslog = 1
log file = /var/log/samba/%m
max log size = 50
# NOTE(review): presumably this only affects Samba's own LDAP connections
# (passdb/idmap LDAP backends), none of which are configured here. Confirm
# against smb.conf(5) for 3.2.1. If an LDAP backend is added later, "no"
# means that traffic is sent without TLS.
ldap ssl = no
# UID/GID ranges winbind allocates for domain users and groups.
# The ranges must not overlap with IDs already used in /etc/passwd or
# /etc/group. NOTE(review): the allocation is presumably local to this
# host, so another Samba server could map the same user to a different
# UID. Confirm if the file systems are shared.
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): together with "winbind" in nsswitch.conf, this gives every
# domain user a real login shell on this host. If the goal is only file
# access over SMB, /bin/false (the Samba default) keeps domain accounts
# from logging in interactively should PAM permit them.
template shell = /bin/bash
# Domain and user are joined with "+", as in the ABC+MYMACHINE$ log line.
winbind separator = +
socket options = TCP_NODELAY

