Hi to all.
i want to combine my linux box users to an Exsiting Windows 2003 Server on my network (Active Directory). in terms that if i want to logon to my linux box using (FTP,SSH,etc...) it would ask the 'AD' for authentication.

i used samba , krb5 , winbind . they gave me soooo much headach .. everytime i try to get around an error i generate 10 more.

and the examples online are useless. !!

so my question is . whats the best way to get this running.

Note : Linux box = Fedora.


Thanks to all .


Regards,

MaaS

If you're starting domain integration from scratch, the Samba+Krb+Winbind setup should be pretty straight-forward. I found the examples in Samba 3 by Example were very clear and effective.

http://www.amazon.com/Samba-3-Exampl...6355762&sr=1-1

- Arch

Here we go . after 2 sleepless nights. this is the best i came around . and no answers could be found anywhere .. ok .

DC = ACTIVE.AD.COM
AD = AD.COM
LUX BOX = CentOS , i changed from Fedora.

ok now config fun !! .

krb5.conf :
===============
[libdefaults]
default_realm = AD.COM
dns_lookup_realm = false
dns_lookup_kdc = false
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

[realms]
AD.COM =
{
kdc = AD.COM
kdc = ACTIVE.AD.COM
kdc = ACTIVE.AD.COM
kdc = ACTIVE.AD.COM
admin_server = AD.COM
default_domain = AD.COM
kdc = ACTIVE.AD.COM
}
[domain_realm]
.ad.com = AD.COM
.AD.COM = AD.COM
ad.com = AD.COM
AD.COM = AD.COM
[logging]
kdc = FILE:/var/adm/krd5kdc.log
admin_server = FILE:/var/log/kadmind.log
default = FILE:/var/log/krb5lib.log
[kdc]
profile= /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
========================================

smb.conf
-------------------
[global]

workgroup = AD
password server = ACTIVE.AD.COM
realm = AD.COM
security = ads
idmap uid = 500-10000000
idmap gid = 500-10000000
template homedir = /home/%U
template shell = /bin/sh
winbind use default domain = true
winbind offline logon = false
unix charset = LOCALE
netbios name = CENTOS
server string = CENTOS_JOIN
idmap backend = idmap_rid:AD.COM=500-10000000
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50

winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes

[homes]
comment = Home Dir
valid users = %D\%U
read only = No
browseable = No

==========================================

after running this command:

Shell:> kinit Administrator@AD.COM
Password: xxxxxx
Shell:>

it went fine. no errors or anything else. to indicate.

Shell:> klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@AD.COM

Valid starting Expires Service principal
03/07/09 05:07:48 03/07/09 15:08:29 krbtgt/AD.COM@AD.COM
renew until 03/08/09 06:07:48


Kerberos 4 ticket cache: /tmp/tkt0

and this command .

Shell:> net ads info
LDAP server: 192.168.1.106
LDAP server name: active.ad.com
Realm: AD.COM
Bind Path: dc=AD,dc=COM
LDAP port: 389
Server time: Sat, 07 Mar 2009 05:24:33 EST
KDC server: 192.168.1.106
Server time offset: 46

NOW THE MAJOR ERROR >.............

SHELL:> net ads join -U Administrator
[2009/03/07 05:11:34, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: Invalid credentials


what da hell this means .. beats me blind ..


Thanx for the help ....


Regards,
MaaS .

anyone ???

I got the answer , had to reinstall everything all over again .

just a note . Dont believe all those Steps u find online.




Admin , this Thread could be closed.

Thank to all .

Hi, i got the some problem.

Do you reinstall a samba platform? or server?

Thanks a lot!