I had a search around, and if you haven't found it, this is the best bit from the Samba.org site:-
http://us1.samba.org/samba/docs/man/...tml#ads-member
also an important bit at the bottom incase the servers are Windows 2003 servers:-
I Can't Join a Windows 2003 PDC
Windows 2003 requires SMB signing. Client-side SMB signing has been implemented in Samba-3.0. Set client use spnego = yes when communicating with a Windows 2003 server. This will not interfere with other Windows clients that do not support the more advanced security features of Windows 2003 because the client will simply negotiate a protocol tha both it and the server suppport. This is a well-known fall-back facility that is built into the SMB/CIFS protocols.
ALSO a few neat tips.......
1) if you want to test stuff, without hassling a domain admin,
run:
kinit
Administrator@your.kerberos.REALM
but use your name instead of Administrator and password
* if you get an error, there is a problem with your setup
* if you get a prompt, your setup is fine and you can communicate with the domain (and it's time to hassle the admin)
2) Note the use of uppercase for the realm in krb5.conf it's really really important (and in the command above)
so if your domain is
cool.com
try kinit
me@COOL.COM
as lowercase will produce an error.
3) Once it all works, you should be able to:-
smbmount directories using:
smbmount //server/share /mount_point -o username my_username
(password asked for)
then check you can ls on the directory (if you get permission denied your not part of the domain)
4) Domain users should be able to access your samba shares without passwords (ie. using their domain permissions)
Have fun, and let me know if I can help
@
g