[Samba] Fwd: W2k8r2 and samba 3 integration
paul harford
harfordmeister at gmail.com
Wed Dec 4 06:35:25 MST 2013
Hi Steve
I did a net ads join -U "username" and that worked fine.
I have also added what you mentioned above; all went OK, no errors.
samba version is 3.6.9
krb5.conf is as follows:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = domain name.INT

[realms]
 domain name.INT = {
  default_domain = domain name.INT
  kdc = dc01.domain name.int:88
  admin_server = dc01.domain name.int:749
 }

[domain_realm]
 domain name.int = DOMAIN NAME.INT

I was searching around and, as you said, it's a whole big world of pain when
trying to use AD, Kerberos. Thanks again for your help.
Paul
On 4 December 2013 11:14, steve <steve at steve-ss.com> wrote:
> On Wed, 2013-12-04 at 11:04 +0000, paul harford wrote:
> > Hi Steve
> > Yes, the NAS is joined to the domain. When I do wbinfo -u and -g all
> > looks good; when I do getent passwd I can see all the users and the
> > same for groups.
> >
> >
> > I didn't stick up the share config but it's listed below
> >
> >
> > [tshare]
> >
> > valid users = @"Domain removed\domain admins",@"Domain removed\domain users"
> >
> > path = /testpool/tshare
> >
> > write list = @"Domain removed\domain admins",@"Domain removed\domain users"
> >
> >
> > This was just a test share but basically there will be user share on
> > the NAS and we want to restrict the share to certain users and groups
> > etc
> >
> >
> > Haven't heard of the keytab before, can you explain?
> >
>
> >
> > Thanks for the response, it's appreciated
> >
> >
> > Paul
>
> Hi
> Phew. AD, kerberos and keytabs would need a whole book to describe but
> basically, with kerberos, not only does the user have to prove himself,
> but also the machine on which he is working has to too. Hence the keytab
> which must contain the machine key. This can be produced when the
> machine is joined to the domain or, if you forgot, afterwards as
> outlined below.
>
> Add to smb.conf:
> kerberos method = system keytab
>
> now issue:
> net ads keytab create -UAdministrator
> and enter the windows Administrator password
>
> That should get us to the next stage or give errors which will help us
> further.
>
> Meanwhile, what does
> /etc/krb5.conf
> look like?
>
> Cheers,
> Steve
>
>
>
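
Added example, not part of the original thread or of Samba: a small Python check for a krb5.conf of the shape posted above, flagging the realm mismatches that commonly stop an AD member from getting tickets (Kerberos realm names are case-sensitive and AD realms are upper case). EXAMPLE.INT and dc01.example.int are placeholder names, the sample file is constructed, and the parser assumes only this simple section and stanza layout.

```python
import re

# Constructed sample in the shape of the krb5.conf from this thread (placeholder names).
SAMPLE = """\
[libdefaults]
 default_realm = EXAMPLE.INT
[realms]
 EXAMPLE.INT = {
  kdc = dc01.example.int:88
 }
[domain_realm]
 .example.int = EXAMPLE.INT
 example.int = example.int
"""

def parse_krb5(text):
    """Return {section: {key: [values] or {subkey: [values]}}} for the layout above."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, sub = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            sub = None
        elif "=" in line and section is not None:
            key, val = (p.strip() for p in line.split("=", 1))
            if val == "{":
                sub = section.setdefault(key, {})  # start of a realm stanza
            else:
                (sub if sub is not None else section).setdefault(key, []).append(val)
    return conf

def check_krb5(text):
    """List realm problems: undefined default, lower-case realm, no KDC, bad mapping."""
    conf, problems = parse_krb5(text), []
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    if default not in realms:
        problems.append(f"default_realm {default!r} has no [realms] stanza")
    for name, body in realms.items():
        if name != name.upper():
            problems.append(f"realm {name!r} is not upper case")
        if not body.get("kdc"):
            problems.append(f"realm {name!r} lists no kdc")
    for host, realm in conf.get("domain_realm", {}).items():
        if realm[0] not in realms:
            problems.append(f"[domain_realm] {host} -> {realm[0]!r} is not a defined realm")
    return problems
```

Running `check_krb5(open("/etc/krb5.conf").read())` on the member server returns an empty list when the realm names line up.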