LinuxQuestions.org
Old 01-04-2007, 08:59 AM   #1
m2azer
Member
 
Registered: Sep 2004
Location: USA
Distribution: red hat, fedora & centos
Posts: 202

Rep: Reputation: 30
unified steps on howto Samba with 2003 AD


Hello,

I have been trying to get Samba to join Windows 2003 as a domain member; however, I am not able to find a single accurate document on how to do it. When searching Google or Yahoo you get a lot of docs, however each has different steps, different required software (pam, winbind, krb5, etc.) and a different way of setting it up.

My question: has anyone come across any single really good step-by-step that works on how to join Samba to 2003 AD?

Believe me, I spent a good amount of time on Google and Yahoo changing configuration according to each doc I read, but it really seems like each doc has its own way of doing it and that there is no set of rules or steps that are unified to do it.
 
Old 01-05-2007, 04:21 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
Gentoo-wiki has a really good document which takes you through the configuration of each file. You'll either have to download the source or use YUM? to get the packages. One of the main reasons I use Gentoo is that their documentation can't be beat.
 
Old 01-05-2007, 01:52 PM   #3
m2azer
Member
 
Registered: Sep 2004
Location: USA
Distribution: red hat, fedora & centos
Posts: 202

Original Poster
Rep: Reputation: 30
Thanks for the info, but we are using Red Hat.
 
Old 01-06-2007, 03:18 AM   #4
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
If you understand the concepts it describes, you can apply it to any distro. I've used it in several offices where they were running various Linux distros. The configurations aren't Gentoo-specific. The only difference, as stated, is that you'll be using the Red Hat package manager, which I believe is YUM.

Give it a shot and post back if you encounter issues.
 
Old 01-06-2007, 09:52 AM   #5
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
Go to samba.org and check out the how-to guide. It has all the stuff about how to join an ADS domain.

Regards
 
Old 01-06-2007, 12:09 PM   #6
m2azer
Member
 
Registered: Sep 2004
Location: USA
Distribution: red hat, fedora & centos
Posts: 202

Original Poster
Rep: Reputation: 30
My samba conf

Thank you all for your replies. I have read the Samba docs and followed them to the letter. As requested, I have supplied my configurations; please let me know if I am missing anything.

smb.conf
[global]
workgroup = CAD
netbios name = itbox
hosts allow = 192.168.1. 192.168.0. 127.
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
security = ADS
realm = CAD.TESTDOMAIN
password server = vdc2.CAD.TESTDOMAIN
encrypt passwords = yes
log file = /var/log/samba/%m.log
log level = 10
max log size= 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
directory mask = 0700
create mask = 0700

[data]
comment = Doc Samba Server
path = /data
read only = yes
guest only = yes


nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind

krb5.conf
[libdefaults]
default_realm = CAD.TESTDOMAIN

[realms]
CAD.TESTDOMAIN = {
kdc = vdc2.cad.testdomain
}

[domain_realms]
.kerberos.server = CAD.TESTDOMAIN


pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

[mina@itbox pam.d]$ wbinfo -t
checking the trust secret via RPC calls succeeded

[mina@itbox pam.d]$ wbinfo -m
itbox
CAD

[mina@itbox pam.d]$ getent passwd admin_mina
admin_mina:*:10001:10002:admin mina:/home/CAD/admin_mina:/bin/bash


[root@itbox pam.d]# /usr/bin/net ads join -Uadministrator
administrator's password:
Using short domain name -- CAD
Joined 'ITBOX' to realm 'CAD.TESTDOMAIN'

wbinfo -u, wbinfo -g all work fine

ps aux | grep winbind
root 2965 0.0 0.3 10188 2848 ? Ss Jan05 0:00 winbindd
root 2966 0.0 0.4 10676 3292 ? S Jan05 0:00 winbindd

smbclient -L itbox
Password:
session setup failed: NT_STATUS_LOGON_FAILURE


When I use an XP client machine to log in, I see the share, data and home directory. I am able to open data; however, when I click on homedir, the Windows logon screen comes up requesting a username and password. It always says wrong username and password, please try again.

Any help will be appreciated.

Last edited by m2azer; 01-06-2007 at 12:10 PM.
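
Added example, not part of any post in this thread: a small Python cross-check of the smb.conf and krb5.conf posted above, which have to agree on the realm for an ADS member. The embedded inputs are trimmed, constructed copies of the posted files, `parse_sections` and `check_ads_member` are hypothetical names, and the findings are consistency checks rather than a diagnosis of the NT_STATUS_LOGON_FAILURE.

```python
import re
# Constructed input: trimmed copies of the smb.conf and krb5.conf in the post above.
SMB_CONF = """[global]
realm = CAD.TESTDOMAIN
[data]
guest only = yes
"""
KRB5_CONF = """[libdefaults]
default_realm = CAD.TESTDOMAIN
[realms]
CAD.TESTDOMAIN = {
kdc = vdc2.cad.testdomain
}
[domain_realms]
.kerberos.server = CAD.TESTDOMAIN
"""
# Section names documented for MIT krb5.conf, plus [logging] from distro defaults.
# A misspelled section name is never consulted by the library.
KRB5_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths",
                 "appdefaults", "plugins", "logging"}

def parse_sections(text):
    """Return {section: {key: value}}; comment and closing-brace lines are skipped."""
    out, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;}":
            continue
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            cur = out.setdefault(head.group(1).strip().lower(), {})
        elif "=" in line and cur is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            cur[key.lower()] = value
    return out

def check_ads_member(smb_text, krb_text):
    """Cross-check the two files; returns a list of findings (empty if consistent)."""
    smb, krb = parse_sections(smb_text), parse_sections(krb_text)
    realm = smb.get("global", {}).get("realm", "")
    findings = [f"krb5.conf: [{s}] is not a section name krb5 reads"
                for s in krb if s not in KRB5_SECTIONS]
    if krb.get("libdefaults", {}).get("default_realm") != realm:
        findings.append("krb5.conf: default_realm differs from smb.conf realm")
    if realm.lower() not in krb.get("realms", {}):
        findings.append(f"krb5.conf: no [realms] entry for {realm}")
    for name, opts in smb.items():
        guest_ok = opts.get("guest ok", opts.get("public", "no")).lower()
        if opts.get("guest only", "").lower() == "yes" and guest_ok != "yes":
            findings.append(f"smb.conf: [{name}] 'guest only' has no effect without 'guest ok'")
    return findings
```

On the posted files it reports the `[domain_realms]` heading (the section krb5 reads is `[domain_realm]`) and the `guest only` setting on `[data]`.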
 
Old 01-06-2007, 08:07 PM   #7
m2azer
Member
 
Registered: Sep 2004
Location: USA
Distribution: red hat, fedora & centos
Posts: 202

Original Poster
Rep: Reputation: 30
pam login or system_auth

When setting winbind to auth Windows 2003 AD users, do I need to configure pam.d/login or pam.d/system_auth?
 
Old 01-08-2007, 03:21 AM   #8
Au_Squirrel
Member
 
Registered: Nov 2005
Location: Brisbane AU
Distribution: FC16
Posts: 51

Rep: Reputation: 15
It sounds like you are not getting the samba server to authenticate users against the ADS. I don't know how to do that because I ensure that the users have accounts created on the samba server.

As a test you may wish to create an smb account on the Samba server by using the smbpasswd -a "anexistinguser". Use the same name as the Linux account you are using. Next try the smb command.

If this works it means that locally created users can access the Samba shares. Then it may be as you suggest, that the Linux Samba server is not using the ADS/Kerberos server for authentication.
 
  

