LinuxQuestions.org


m2azer 01-04-2007 09:59 AM

unified steps on howto Samba with 2003 AD
 
Hello,

I have been trying to get Samba to join Windows 2003 as a domain member; however, I am not able to find a single accurate document on how to do it. When searching Google or Yahoo you get a lot of docs; however, each has different steps and different required software (PAM, winbind, krb5, etc.) and a different way of setting it up.

My question: has anyone come across any single really good step-by-step that works on how to join Samba to 2003 AD?

Believe me, I spent a good amount of time on Google and Yahoo changing configuration according to each doc I read, but it really seems like each doc has its own way of doing it and that there is no set of rules or steps that are unified to do it.

musicman_ace 01-05-2007 05:21 AM

Gentoo-wiki has a really good document which takes you through the configuration of each file. You'll either have to download the source or use YUM? to get the packages. One of the main reasons I use gentoo is that their documentation can't be beat.

m2azer 01-05-2007 02:52 PM

Thanks for the info, but we are using Red Hat.

musicman_ace 01-06-2007 04:18 AM

If you understand the concepts it describes, you can apply it to any distro. I've used it in several offices where they were running various Linux distros. The configurations aren't Gentoo specific. The only difference, as stated, is that you'll be using the Red Hat package manager, which I believe is YUM.

Give it a shot and post back if you encounter issues.

Au_Squirrel 01-06-2007 10:52 AM

Go to samba.org and check out the how-to guide. It has all the stuff about how to join an ADS domain.

Regards

m2azer 01-06-2007 01:09 PM

My samba conf
 
Thank you all for your replies. I have read the Samba docs and followed them to the letter. As requested, I have supplied my configurations; please let me know if I am missing anything.

smb.conf
[global]
workgroup = CAD
netbios name = itbox
hosts allow = 192.168.1. 192.168.0. 127.
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
security = ADS
realm = CAD.TESTDOMAIN
password server = vdc2.CAD.TESTDOMAIN
encrypt passwords = yes
log file = /var/log/samba/%m.log
log level = 10
max log size= 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
directory mask = 0700
create mask = 0700

[data]
comment = Doc Samba Server
path = /data
read only = yes
guest only = yes


nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind

krb5.conf
[libdefaults]
default_realm = CAD.TESTDOMAIN

[realms]
CAD.TESTDOMAIN = {
kdc = vdc2.cad.testdomain
}

[domain_realms]
.kerberos.server = CAD.TESTDOMAIN


pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

[mina@itbox pam.d]$ wbinfo -t
checking the trust secret via RPC calls succeeded

[mina@itbox pam.d]$ wbinfo -m
itbox
CAD

[mina@itbox pam.d]$ getent passwd admin_mina
admin_mina:*:10001:10002:admin mina:/home/CAD/admin_mina:/bin/bash


[root@itbox pam.d]# /usr/bin/net ads join -Uadministrator
administrator's password:
Using short domain name -- CAD
Joined 'ITBOX' to realm 'CAD.TESTDOMAIN'

wbinfo -u, wbinfo -g all work fine

ps aux | grep winbind
root 2965 0.0 0.3 10188 2848 ? Ss Jan05 0:00 winbindd
root 2966 0.0 0.4 10676 3292 ? S Jan05 0:00 winbindd

smbclient -L itbox
Password:
session setup failed: NT_STATUS_LOGON_FAILURE


When I use an XP client machine to log in, I see the share, data and home directory. I am able to open data; however, when I click on homedir the Windows logon screen comes up requesting username and password - it always says wrong username and password, please try again.

Any help will be appreciated.
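As an added example (not part of the thread and not Samba or Kerberos tooling): a small Python consistency check run over the krb5.conf and the smb.conf realm posted above. The helper names `parse_krb5` and `lint` and the finding codes are hypothetical, and the sample strings are copied from the post.

```python
# Constructed input: krb5.conf and the smb.conf realm settings, copied from the post above.
KRB5_CONF = """[libdefaults]
default_realm = CAD.TESTDOMAIN
[realms]
CAD.TESTDOMAIN = {
kdc = vdc2.cad.testdomain
}
[domain_realms]
.kerberos.server = CAD.TESTDOMAIN
"""
SMB_GLOBAL = {"security": "ADS", "realm": "CAD.TESTDOMAIN"}
# Section names documented for MIT krb5.conf.
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths", "appdefaults", "plugins", "logging"}

def parse_krb5(text):
    """Return {section: {key: value}}; keys inside a '{ }' block become 'BLOCK/key'."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section, block = line.strip("[]"), None
            conf.setdefault(section, {})
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = key
            else:
                conf[section][f"{block}/{key}" if block else key] = value
    return conf

def lint(krb5_text, smb_global):
    """Return a list of (code, detail) findings; an empty list means every check passed."""
    conf = parse_krb5(krb5_text)
    findings = [("unknown-section", name) for name in conf if name not in KNOWN_SECTIONS]
    realm = smb_global.get("realm", "")
    if realm != realm.upper() or realm != conf.get("libdefaults", {}).get("default_realm"):
        findings.append(("realm-mismatch", realm))
    kdc = conf.get("realms", {}).get(f"{realm}/kdc", "")
    domain = "." + kdc.partition(".")[2]          # DNS domain of the KDC host
    mapping = conf.get("domain_realm", {})
    if not kdc:
        findings.append(("no-kdc", realm))
    elif realm not in (mapping.get(kdc), mapping.get(domain)):
        findings.append(("no-domain-realm-mapping", domain))
    return findings
```

On the posted files, `lint(KRB5_CONF, SMB_GLOBAL)` reports the `[domain_realms]` section name (the documented spelling is `[domain_realm]`) and the absence of a mapping from `.cad.testdomain` to `CAD.TESTDOMAIN`.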

m2azer 01-06-2007 09:07 PM

pam login or system_auth
 
When setting winbind to auth Windows 2003 AD users, do I need to configure pam.d/login or pam.d/system_auth?

Au_Squirrel 01-08-2007 04:21 AM

It sounds like you are not getting the samba server to authenticate users against the ADS. I don't know how to do that because I ensure that the users have accounts created on the samba server.

As a test you may wish to create an smb account on the Samba server by using smbpasswd -a "anexistinguser". Use the same name as the Linux account you are using. Next try the smb command.

If this works it means that locally created users can access the Samba shares. Then it may be, as you suggest, that the Linux Samba server is not using the ADS/Kerberos server for authentication.


All times are GMT -5.