LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-09-2007, 07:43 AM   #1
ajeetraina
Member
 
Registered: Jun 2007
Location: India
Distribution: Ubuntu,Red Hat, Fedora
Posts: 292

Rep: Reputation: 30
Configuring Samba with Active Server Directory !!!


I have a domain called groupinfa.com in WIN 2000 where we all the team is members of.Earlier we used to connect to the domain supplying username and password through the Window PCs and work.But now I want to configure access for the same users in the Linux BOx the credentials whe they access the Samba Shares.I have alreay configured the samba server in one of the machine named dicex.groupinfra.com and its working now.
To get help ,I got this document and till now the steps I implemented are:


Step 1: Install the Required Packages

Note: Enter Y when asked if you want to install the additional packages


apt-get install krb5-user
------------------------------------------
It asked me for the serername I mentioned : groupinfa.com
------------------------------------------
apt-get install winbind samba

Step 2: Edit the /etc/krb5.conf File


Code:
[logging]
default = FILE10000:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = GROUPINFA.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
GROUPINFRA.COM= {
kdc = dicex.groupinfa.com
admin_server = dicex.groupinfa.com default_domain = groupinfa.com
}
[domain_realm]
.domain.internal = groupinfa.com
domain.internal = groupinfa.com
Step 3: Edit /etc/samba/smb/conf

Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!!

1) Make the edits. The configuration shown is the bare minimum and doesn't share anything.


Code:
[global]
security = ads
netbios name = <confused> say MSHOME
realm = groupinfa.com
password server = dicex.groupinfra.com
workgroup = groupinfa.com
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
2) Test the configuration with the testparm command

Step 4: Edit /etc/nsswitch.conf to look like the example below


Code:
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines


Code:
account sufficient pam_winbind.so
account required pam_unix.so

2) /etc/pam.d/common-auth should contain only the following lines


Code:
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below


Code:
password required pam_unix.so nullok obscure min=4 max=50 md54) Make sure the /etc/pam.d/common-session file contains the following line


Code:
session required pam_mkhomedir.so umask=0022 skel=/etc/skelStep 6: Make a directory to hold domain user home directories

Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file


Code:
mkdir /home/groupinfa.com
Step 7: Initialize Kerberos

Now the issue is when I run :
#kinit administrator@DOMAIN

commnd can you help me that which user I need to mention.

Is this the same user and password I need to mention that is already configured in WIN 2000 or I need to create the new one.

I have no access to add anything in the GROUPINFRA domain since it is owned centrally by the senior administrator.I have full access to the machine where Samba server is installed(dicex.groupinfra.com)

So pliz help !!!

Last edited by ajeetraina; 08-09-2007 at 07:47 AM.
 
Old 08-10-2007, 05:34 AM   #2
daveginorge
Member
 
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 107

Rep: Reputation: 16
Do you want the Samba box to get the authorisation from the AD server or will you use Samba Passwords and creat all users on the samba box...?

If you choose the later then the AD users will not be able to change passwords.
 
Old 08-12-2007, 10:39 PM   #3
ajeetraina
Member
 
Registered: Jun 2007
Location: India
Distribution: Ubuntu,Red Hat, Fedora
Posts: 292

Original Poster
Rep: Reputation: 30
I want the authorization from the Domain created in win 2000 groupinfa.com.I dont want to create separate username and password in the samba server.
I want a centralised credentials ;all employees should use the same credentilas when they access win 2000.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora Directory Server sync Active Directory paul_mat Linux - Networking 8 03-08-2007 10:51 AM
Active Directory User Cannot Write to Samba Home Directory jonwatson Linux - Networking 2 12-19-2006 12:40 PM
Samba and Active Directory Yig Linux - Networking 2 12-11-2006 11:01 AM
Authenticating to Samba share using "Active Directory Server" hlslaughter Linux - Software 36 07-23-2004 10:59 AM
Samba in Active Directory bentman78 Linux - General 2 05-06-2003 11:33 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration