Configuring Samba with Active Server Directory !!!
I have a domain called groupinfa.com in WIN 2000, of which all of the team are members. Earlier we used to connect to the domain by supplying a username and password from the Windows PCs and work. But now I want to configure access for the same users on the Linux box, with the credentials when they access the Samba shares. I have already configured the Samba server on one of the machines, named dicex.groupinfra.com, and it's working now.
To get help, I got this document, and the steps I have implemented so far are:
Step 1: Install the Required Packages
Note: Enter Y when asked if you want to install the additional packages
apt-get install krb5-user
------------------------------------------
It asked me for the server name; I mentioned: groupinfa.com
------------------------------------------
apt-get install winbind samba
Step 2: Edit the /etc/krb5.conf File
Code:
[logging]
default = FILE10000:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = GROUPINFA.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
GROUPINFRA.COM= {
kdc = dicex.groupinfa.com
admin_server = dicex.groupinfa.com
default_domain = groupinfa.com
}
[domain_realm]
.domain.internal = groupinfa.com
domain.internal = groupinfa.com
Step 3: Edit /etc/samba/smb.conf
Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!!
1) Make the edits. The configuration shown is the bare minimum and doesn't share anything.
Code:
[global]
security = ads
netbios name = <confused> say MSHOME
realm = groupinfa.com
password server = dicex.groupinfra.com
workgroup = groupinfa.com
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
2) Test the configuration with the testparm command
Step 4: Edit /etc/nsswitch.conf to look like the example below
Code:
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Step 5: Modify the PAM settings
1) /etc/pam.d/common-account should contain only the following lines
Code:
account sufficient pam_winbind.so
account required pam_unix.so
2) /etc/pam.d/common-auth should contain only the following lines
Code:
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below
Code:
password required pam_unix.so nullok obscure min=4 max=50 md5
4) Make sure the /etc/pam.d/common-session file contains the following line
Code:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Step 6: Make a directory to hold domain user home directories
Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file
Code:
mkdir /home/groupinfa.com
Step 7: Initialize Kerberos
Now the issue is when I run the
#kinit administrator@DOMAIN
command. Can you help me with which user I need to mention?
Is this the same user and password that is already configured in WIN 2000, or do I need to create a new one?
I have no access to add anything in the GROUPINFRA domain since it is owned centrally by the senior administrator. I have full access to the machine where the Samba server is installed (dicex.groupinfra.com).
So please help!!!
Last edited by ajeetraina; 08-09-2007 at 07:47 AM.
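An added example, not part of the original post or the how-to it follows: a small Python check that parses a krb5.conf and reports realm names that do not line up across [libdefaults], [realms] and [domain_realm], plus deprecated DES/3DES enctypes. The function names parse_krb5 and audit are hypothetical, and the sample input is constructed from values in the post.

```python
import re

# Constructed sample: a subset of the krb5.conf values posted above, one setting per line.
SAMPLE_KRB5 = """\
[libdefaults]
default_realm = GROUPINFA.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
GROUPINFRA.COM= {
kdc = dicex.groupinfa.com
}
[domain_realm]
.domain.internal = groupinfa.com
"""
# Single-DES and 3DES enctypes, both deprecated for Kerberos.
WEAK = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "des3-hmac-sha1", "des3-cbc-sha1"}

def parse_krb5(text):
    """Return {section: {key: value}}; 'REALM = {' opens a nested dict under REALM."""
    conf, section, block = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def audit(text):
    """Return findings; realm names are compared case-sensitively, as Kerberos does."""
    conf, findings = parse_krb5(text), []
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    default = lib.get("default_realm")
    if default not in realms:
        findings.append(f"default_realm {default} has no [realms] entry; defined: {sorted(realms)}")
    for target in sorted(set(conf.get("domain_realm", {}).values())):
        if target not in realms:
            findings.append(f"[domain_realm] maps to {target}, which [realms] does not define")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = [e for e in lib.get(key, "").split() if e in WEAK]
        if weak:
            findings.append(f"{key} lists deprecated enctypes: {' '.join(weak)}")
    return findings
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/krb5.conf").read()), and review each finding before running kinit.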