unable to map windows domain using samba

back2preeti · 03-02-2012, 12:17 AM

Hello all

this is my first post on this forum and I am trying to learn samba as PDC on my test vm. Please forgive me if I ask any stupid question.I am using Centos 6 and trying to connect my windows 7 machine to centos domain

I successfully created my linux box as DNS server server.example not I want to map my windows machine with example domain name

so I configured samba as PDC but it seems I am making some mistake as whenever I try to connect to example domain, windows machine say "cannot connect EXAMPLE domain"

I have followed many links
http://daniel.fiser.cz/?samba
http://www.centos.org/docs/5/html/De...a-servers.html

I found some where that kerberos is required to map windows and linux machine using domain.
Can anyone please help me with this?
Do I need to work any thing with kerberos to connect my windows machine with linux using domain?
As I don't know much about kerberos or LDAP

cbtshare · 03-02-2012, 11:04 PM

Here is a bit of verbiage on how to setup kerebos.

Code:

Procedure 12.1. Kerberos Configuration Steps

If you find the need to manually configure the krb5.conf, you should edit it to have the contents shown in “Kerberos Configuration File: /etc/krb5.conf”. The final fully qualified path for this file should be /etc/krb5.conf.

The following gotchas often catch people out. Kerberos is case sensitive. Your realm must be in UPPERCASE, or you will get an error: “Cannot find KDC for requested realm while getting initial credentials”. Kerberos is picky about time synchronization. The time according to your participating servers must be within 5 minutes or you get an error: “kinit(v5): Clock skew too great while getting initial credentials”. Clock skew limits are, in fact, configurable in the Kerberos protocols (the default is 5 minutes). A better solution is to implement NTP throughout your server network. Kerberos needs to be able to do a reverse DNS lookup on the IP address of your KDC. Also, the name that this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain attached) or the NetBIOS name followed by the realm. If all else fails, you can add a /etc/hosts entry mapping the IP address of your KDC to its NetBIOS name. If Kerberos cannot do this reverse lookup, you will get a local error when you try to join the realm.

You are now ready to test your installation by issuing the command:

root# kinit [USERNAME@REALM]

You are asked for your password, which you should enter. The following is a typical console sequence:

root# kinit ADMINISTRATOR@LONDON.ABMAS.BIZ
Password for ADMINISTRATOR@LONDON.ABMAS.BIZ:

Make sure that your password is accepted by the Active Directory KDC.

Example 12.1. Kerberos Configuration File: /etc/krb5.conf

[libdefaults]
default_realm = LONDON.ABMAS.BIZ

[realms]
LONDON.ABMAS.BIZ = {
kdc = w2k3s.london.abmas.biz
}

The command

root# klist -e

shows the Kerberos tickets cached by the system.

MarkoSan · 03-03-2012, 03:25 AM

I've succesfully joined Windows 7 machine into Samba Domain and PDC Controller: http://www.linuxquestions.org/questi...o-work-927399/And I did not needed Kerberos, if it helps, check out the link!

back2preeti · 03-05-2012, 05:27 AM

Here is my smb.conf

Code:

        workgroup = EXAMPLE
        server string = Samba Server Version %v

        netbios name = SERVER
# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam
# ----------------------- Domain Members Options ------------------------

   password server = 192.168.0.100


        security = domain
        passdb backend = tdbsam
        realm = kerberos.SERVER

        password server = kerberos.server.example
# ----------------------- Domain Controller Options ------------------------
#

        security = user
        passdb backend = tdbsam

        domain master = yes
        domain logons = yes

/etc.krb.conf

Code:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 EXAMPLE = {
  kdc = kerberos.example
  admin_server = kerberos.example
 }

[domain_realm]
 .example = EXAMPLE
 example = EXAMPLE

Code:

# kinit preeti@EXAMPLE
kinit: Cannot resolve network address for KDC in realm "EXAMPLE" while getting initial credentials

back2preeti · 03-05-2012, 05:28 AM

Quote:

Originally Posted by MarkoSan

I've succesfully joined Windows 7 machine into Samba Domain and PDC Controller: http://www.linuxquestions.org/questi...o-work-927399/And I did not needed Kerberos, if it helps, check out the link!

I checked that link but I have already tried all the links in that page.
If you have done so than can you help me with some tips.

I checked on some blog that i need to make some registry settings for the same?
These all are just confusing me?

MarkoSan · 03-06-2012, 12:06 AM

Quote:

Originally Posted by back2preeti

I checked that link but I have already tried all the links in that page.
If you have done so than can you help me with some tips.

I checked on some blog that i need to make some registry settings for the same?
These all are just confusing me?

Well in my thread there is a link to some page that describes Windows 7 registry tweak. Check it out and it should work!