Hi guys,
Tried following someone else's instructions on how to set this up. So far I have done the following:
Code:
Step 1: Install the Required Packages
Note: Enter Y when asked if you want to install the additional packages
apt-get install krb5-user
apt-get install winbind samba
Step 2: Edit the /etc/krb5.conf File
[logging]
default = FILE10000:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = ASSIGNMENT.LOCAL
[realms]
ASSIGNMENT.LOCAL = {
kdc = ASS-Server01-01.assignment.local
admin_server = ASS-Server01-01.assignment.local
default_domain = ASSIGNMENT.LOCAL
}
[domain_realm]
.assignment.local = ASSIGNMENT.LOCAL
assignment.local = ASSIGNMENT.LOCAL
Step 3: Edit /etc/samba/smb.conf
[global]
security = ADS
netbios name = ASS-Server01-01
realm = ASSIGNMENT.LOCAL
password server = ASS-Server01-01.assignment.local
workgroup = ASSIGNMENT
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
Step 4: Edit /etc/nsswitch.conf to look like the example below
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Step 5: Modify the PAM settings
1) /etc/pam.d/common-account should contain only the following lines
account sufficient pam_winbind.so
account required pam_unix.so
2) /etc/pam.d/common-auth should contain only the following lines
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below
password required pam_unix.so nullok obscure min=4 max=50 md5
4) Make sure the /etc/pam.d/common-session file contains the following line
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Step 6: Make a directory to hold domain user home directories
Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file
Code:
mkdir /home/ASSIGNMENT
Step 7: Initialize Kerberos
kinit Administrator@ASSIGNMENT.LOCAL
Step 8: Join the system
net ads join -U Administrator@ASSIGNMENT.LOCAL
And it's then where I reach a problem... the error message I get is:
Code:
net ads join-U administrator
Enter Administrator's password:
[2010/01/08 00:15:02, 0] passdb/secrets.c:71(secrets_init)
Failed to open /var/lib/samba/secrets.tdb
Failed to join domain: Unable to open secrets database
Any ideas?? It's driving me up the wall.
Thanks guys,
Mike
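
A check for the failure shown in the error output above, added here as an example and not part of the original post: the function `check_tdb` (a hypothetical helper name) classifies why the path from the error message cannot be opened by the current user. The expectation that the file carries no group or other permission bits is an assumption, made because secrets.tdb stores the machine account secret.

```shell
#!/bin/sh
# Added example (not from the original post): classify the state of a Samba
# TDB file such as /var/lib/samba/secrets.tdb for the user running the script.
# Prints one of: missing-dir, dir-not-writable, not-accessible,
#                loose-perms, ok-absent, ok
check_tdb() {
    f=$1
    d=$(dirname -- "$f")

    # The containing directory must exist before the file can be created.
    if [ ! -d "$d" ]; then
        echo missing-dir; return 1
    fi

    if [ ! -e "$f" ]; then
        # Creating the file needs write and search permission on the directory.
        if [ -w "$d" ] && [ -x "$d" ]; then
            echo ok-absent; return 0
        fi
        echo dir-not-writable; return 1
    fi

    # An existing database must be readable and writable by the current user.
    if [ ! -r "$f" ] || [ ! -w "$f" ]; then
        echo not-accessible; return 1
    fi

    # Assumption: the file should be private to its owner (e.g. -rw-------).
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo loose-perms; return 1
    fi

    echo ok; return 0
}

# Default to the path named in the error message; override with an argument.
path=${1:-/var/lib/samba/secrets.tdb}
echo "uid=$(id -u) $path: $(check_tdb "$path")"
```

Run it as the same user that runs `net ads join`, so the result reflects that user's permissions.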