connecting samba to a windows 2003 active directory domain
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
There is less than 12 hours left to vote in the 2015 LinuxQuestions.org Members Choice Awards. Click here to go to the polls. Vote now and make sure your voice is heard!
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
connecting samba to a windows 2003 active directory domain
I've been trying with no apparent luck to get a new Suse box to join our AD as a file server. I can ping from a windows client to the netbios name of the linux file server, and it reports a good IP address (10.110.11.51) I can also ping from the linux FS to the AD server but only by IP address, it can't resolve the netbios name.
I have configured the smb.conf file to represent the realm as mydomain.local and the security set to ads, but am still unable to join the domain using the net ads join command.
I have also configured Krb5.conf as best as I could via online notes, setting up the default realm = MYDOMAIN.LOCAL and to try and get away from any sort of DNS problem, specified the kdc server = 10.110.11.48 (AD server IP) as well as the admin server = 10.110.11.48
I have included the typical winbind settings in smb.conf as well.
After all this, if I try to kinit administrator it returns an error "kinit: krb5_init_context failed: -1765328248"
If I try to join the domain using net ads join -U administrator, I am prompted for the administrator's password, it thinks for awhile and then returns to the command prompt. Although there is no message saying welcome to mydomain, there isn't an error message either.
If I then try to wbinfo -u to get user information from the domain, I get a result of error looking up domain users.
I've been going in circles on this for a while, do you guys have any other thoughts of what I could be doing wrong? I am using samba 3.0.2a-51.
PS I have restarted the nmbd and smbd services as well as made sure winbind is running using ps fax | grep winbind. which reports
4657 ? Ss 0:00 winbindd
4658 ? S 0:00 \_winbindd
5368 pts/44 S+ 0:00 \_grep winbindd
PSS. the linux FS shows up in a browse of our windows active directory network but is inaccessible, and if I browse the network on the linux box, our domains show up and I can see the computers but can't access any.
whoa I'm workin on this right now.....I have been trying to work out the ad side, seems you have both got the linux side down....I did the same and added it no problem.....But! it seems I can't get the AD to work and nether can I access the share I created (from the windows side)....as I reasearched it I found you may have to add an ou in AD (idmap)....I have been working out the issues on that side...I inherited this pissy 2003 install were they had changed all the default permissions etc. so now I'm bring up a vmware server image and working with it....if I find it I'll write the .ldf files as default and post them.
I Know what you are talking about, but its been so long since I've Gotten AD and Samba to work together I can't remember how I did it. Google is your best friend, and the answer is out there and shouldn't be too hard to find. If I remember correctly you need to add some things to the samba.conf to allow windows to access the shares, but I'm not sure.
ya the issues I was running into were on the Linux side....seems my build was locked down too tight I removed the security lock down on it and then had to change some of the permissions on the samba side and it worked perfectly (add your admin group in on folder permissions beside the root permissions)....now to re-apply the security on linux....this allowed me to control the permissions from the windows side....I left that place as of now and I still have the team build images so if anyone needs it I'll post the smf.conf or any of the other connection files.
DNS could be your biggest issue, seems they were running the DNS in that shop with 1 ip for the pdc and another for the AD fqdn.....I don't know how it ran, windows isn't that good and always wants to have some sort of authoritative DNS to write to....but thats another issue lol.
We're on a private subnet (10.0.0.0/24) and get on the Internet through a masquerade (nat). Talking about the Windows and DNS, we ended up creating a subdomain for Windows, and it is authorative for that. Then, I made our Linux box a slave on that zone. End result: Windows can have its subdomain as it insists, but our Linux is still serving DNS requests for everything - and that is the way I want it!
I hear ya! I get around the DNS issue by letting windows run as DNS when ever I add a pc to the network, then just copy the new entries to the linux box, and shut off the windows DNS. This seems to work out ok, as windows just fills the event logs with errors, otherwise.