Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 08-09-2007, 07:43 AM   #1
Registered: Jun 2007
Location: India
Distribution: Ubuntu,Red Hat, Fedora
Posts: 292

Rep: Reputation: 30
Configuring Samba with Active Server Directory !!!

I have a domain called in WIN 2000 where we all the team is members of.Earlier we used to connect to the domain supplying username and password through the Window PCs and work.But now I want to configure access for the same users in the Linux BOx the credentials whe they access the Samba Shares.I have alreay configured the samba server in one of the machine named and its working now.
To get help ,I got this document and till now the steps I implemented are:

Step 1: Install the Required Packages

Note: Enter Y when asked if you want to install the additional packages

apt-get install krb5-user
It asked me for the serername I mentioned :
apt-get install winbind samba

Step 2: Edit the /etc/krb5.conf File

default = FILE10000:/var/log/krb5lib.log
ticket_lifetime = 24000
default_realm = GROUPINFA.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
kdc =
admin_server = default_domain =
.domain.internal =
domain.internal =
Step 3: Edit /etc/samba/smb/conf

Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!!

1) Make the edits. The configuration shown is the bare minimum and doesn't share anything.

security = ads
netbios name = <confused> say MSHOME
realm =
password server =
workgroup =
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
2) Test the configuration with the testparm command

Step 4: Edit /etc/nsswitch.conf to look like the example below

passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines

account sufficient
account required

2) /etc/pam.d/common-auth should contain only the following lines

auth sufficient
auth required nullok_secure use_first_pass3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below

password required nullok obscure min=4 max=50 md54) Make sure the /etc/pam.d/common-session file contains the following line

session required umask=0022 skel=/etc/skelStep 6: Make a directory to hold domain user home directories

Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

mkdir /home/
Step 7: Initialize Kerberos

Now the issue is when I run :
#kinit administrator@DOMAIN

commnd can you help me that which user I need to mention.

Is this the same user and password I need to mention that is already configured in WIN 2000 or I need to create the new one.

I have no access to add anything in the GROUPINFRA domain since it is owned centrally by the senior administrator.I have full access to the machine where Samba server is installed(

So pliz help !!!

Last edited by ajeetraina; 08-09-2007 at 07:47 AM.
Old 08-10-2007, 05:34 AM   #2
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 107

Rep: Reputation: 16
Do you want the Samba box to get the authorisation from the AD server or will you use Samba Passwords and creat all users on the samba box...?

If you choose the later then the AD users will not be able to change passwords.
Old 08-12-2007, 10:39 PM   #3
Registered: Jun 2007
Location: India
Distribution: Ubuntu,Red Hat, Fedora
Posts: 292

Original Poster
Rep: Reputation: 30
I want the authorization from the Domain created in win 2000 dont want to create separate username and password in the samba server.
I want a centralised credentials ;all employees should use the same credentilas when they access win 2000.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora Directory Server sync Active Directory paul_mat Linux - Networking 8 03-08-2007 10:51 AM
Active Directory User Cannot Write to Samba Home Directory jonwatson Linux - Networking 2 12-19-2006 12:40 PM
Samba and Active Directory Yig Linux - Networking 2 12-11-2006 11:01 AM
Authenticating to Samba share using "Active Directory Server" hlslaughter Linux - Software 36 07-23-2004 10:59 AM
Samba in Active Directory bentman78 Linux - General 2 05-06-2003 11:33 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:27 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration