[Samba] Joining Samba host to a Windows DOMAIN

C.J. Adams-Collier cjcollier at gmail.com
Thu Jul 31 23:19:10 GMT 2008


Excellent.  The only stumbling block here was that realm should be the full
realm name and not just the short version.

Thanks a bunch!

On Thu, Jul 31, 2008 at 2:19 PM, kissg <mail.gery at gmail.com> wrote:

> You can join your Samba server to your AD domain as a member server. It
> should work with Samba 3. The basic steps you have to take:
>
> 1, Install the Kerberos libraries (I have already tried Heimdal Kerberos,
> it's known to work)
> Look for the appropriate client package in your package manager. If you use
> any recent distribution, this shouldn't be a problem. For example, in
> Ubuntu, the name of the required package is "libkrb5-22-heimdal". Also, make
> sure you have installed the winbind package (in case it is shipped as a
> separate package in your distribution).
>
> 2, Configure Samba to act as an AD member server:
>
> # Lines to add or change in the smb.conf file:
> [global]
> realm = <the name of your AD domain>
> security = ADS
> ldap ssl =  No
> template shell = /bin/bash
> winbind separator = +
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> 3, Restart Samba daemons and join your server to the domain:
>
> net ads join -UAdministrator%password
>
> You should get feedback after issuing this command, which tells you that
> your host has been successfully joined to the domain.
>
> 4, Enable your system to resolve user and group names using LDAP by editing
> the following lines in /etc/nsswitch.conf:
>
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
>
> It's very important to have a properly configured DNS server on your
> network and to ensure that local name resolution works fine on your Samba
> host.
>
> You may read more in chapter 7.3.4 of the Samba 3 By Example guide, which
> is available at: http://us1.samba.org/samba/docs/man/Samba-Guide/
>
> Best Regards:
> Gergely Kiss
>
>


-- 
moo.
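
An added example, not part of the original thread: a small Python pre-join check over the smb.conf settings from step 2, which flags the short-realm mistake mentioned in the reply. The function name, the sample configuration and the EXAMPLE.COM realm are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread).
GOOD_CONF = """
[global]
    realm = EXAMPLE.COM
    security = ADS
    idmap uid = 10000-20000
    idmap gid = 10000-20000
"""
SHORT_REALM_CONF = GOOD_CONF.replace("EXAMPLE.COM", "EXAMPLE")


def check_ads_member_conf(text):
    """Return a list of problems found in the [global] section of smb.conf text."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)       # only the first '=' is significant
            # smb.conf ignores case and whitespace in parameter names
            params["".join(key.lower().split())] = value.strip()
    if not params:
        return ["no [global] section with parameters found"]
    problems = []
    if params.get("security", "").lower() != "ads":
        problems.append("security is not ADS")
    realm = params.get("realm", "")
    if "." not in realm.strip("."):
        problems.append("realm %r looks like a short name; use the full realm name" % realm)
    for label, key in (("idmap uid", "idmapuid"), ("idmap gid", "idmapgid")):
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", params.get(key, ""))
        if not rng or int(rng.group(1)) >= int(rng.group(2)):
            problems.append("%s is missing or not a valid low-high range" % label)
    return problems


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("short realm", SHORT_REALM_CONF)):
        print(name, "->", check_ads_member_conf(conf) or "OK")
```

A misspelled section header leaves `[global]` empty as far as this check is concerned, so it is reported as a missing section.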

