Differences between revisions 8 and 10 (spanning 2 versions)
Revision 8 as of 2007-05-17 02:27:27
Size: 524
Editor: JohnJacob
Comment:
Revision 10 as of 2007-05-17 02:43:16
Size: 3221
Editor: JohnJacob
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
Authenticating Debian & Samba to Active Directory Authenticating Debian & Samba to Active Directory (!)
Line 6: Line 6:
Linux Client Configuration =Linux Samba Configuration=
Debian Samba server connecting to Active directory

Installing software

The first thing that you need to do is to install the required packages.

 #aptitude update
 #aptitude upgrade
 #aptitude install samba smbclient winbind krb5-doc krb5-user krb5-config

Windows server information

In this configuration I used the following windows info.

Domain name: is414
Fully qualified domain name: is414.com
Window domain controller: rkb-server

Kerberos setup

Open /etc/krb5.conf

add the following lines to the krb.conf file.

 [libdeffaults]
  default_realm = IS414

 [realms]
  IS414.COM = {
   kdc – rkb-server.is414.com
   admin_server – rkb-server.is414.com
  }

 [domain_realm]
  .kerberos.server = IS414.COM

After that has been completed do the following:

 #kinit administrator@IS414.COM

Verify that it worked by using the following command:
 
 #klist

Samba Setup

Open the samba configuration file /etc/samba/smb.conf and add the following:

 [global]
  security = ADS
  password server = rkb-server
  encrypt passwords = yes
  workgroup = IS414
  realm = IS414.COM
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  winbind separator = +

Creating a share in /etc/samba/smb.conf. Replace WindowsShare with any name you want.
first create the folder:
 #mkdir /home/WindowsShare
 #chmod 777 /home/WindowsShare

Add the following in the /etc/samba/smb.conf

 [WindowsShare]
  comment = Windows Share
  path = /home/WindowsShare
  read only = no
  create mask = 0775
  directory mask = 0775
  browsable = yes
  public = yes
  writeable = yes
  force create mode = 0775
  force directory mode = 0775
  force security mode = 0775
  guest ok = no
  inherit permissions = yes
  nt acl support = yes

Test your configuration with the following command:

 #testparm -v

Now you must restart the samba deamon.

 # /etc/init.d/samba stop

Winbind configuration

Stop the winbind deamon.

 #/etc/init.d/winbind stop

edit the couple of lines of the /etc/nsswitch.conf file.

 passwd: compat winbind
 group: compat winbind

Joining the Domain

start the samba and winbind deamons

 #/etc/init.d/samba start
 #/etc/init.d/winbind start

Join the domain with the following command

 #net ads join -U administrator

Test winbind with the following commands

 #wbinfo -u

The wbinfo – u should list the AD users

 #wbinfo – g

The wbinfo – g should list the AD groups

All that is left is to test the connection from the server to verify that the share is working.
Line 9: Line 134:

Authenticating Debian & Samba to Active Directory (!)

  • This walkthrough is designed to give instructions for configuring Linux servers/clients to authenticate to Active Directory. The purpose is to join a Linux samba server and a Linux client to an existing AD structure. The samba connects seamlessly for Windows and Linux users alike. The walkthrough is broken into two sections and is available in via the links below.

=Linux Samba Configuration= Debian Samba server connecting to Active directory

Installing software

The first thing that you need to do is to install the required packages.

  • #aptitude update #aptitude upgrade #aptitude install samba smbclient winbind krb5-doc krb5-user krb5-config

Windows server information

In this configuration I used the following windows info.

Domain name: is414 Fully qualified domain name: is414.com Window domain controller: rkb-server

Kerberos setup

Open /etc/krb5.conf

add the following lines to the krb.conf file.

  • [libdeffaults]
    • default_realm = IS414
    [realms]
    • IS414.COM = {
      • kdc – rkb-server.is414.com admin_server – rkb-server.is414.com
      }
    [domain_realm]
    • kerberos.server = IS414.COM

After that has been completed do the following:

Verify that it worked by using the following command:

  • #klist

Samba Setup

Open the samba configuration file /etc/samba/smb.conf and add the following:

  • [global]
    • security = ADS password server = rkb-server encrypt passwords = yes workgroup = IS414 realm = IS414.COM idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind separator = +

Creating a share in /etc/samba/smb.conf. Replace ?WindowsShare with any name you want. first create the folder:

  • #mkdir /home/WindowsShare #chmod 777 /home/WindowsShare

Add the following in the /etc/samba/smb.conf

  • [?WindowsShare]

    • comment = Windows Share path = /home/WindowsShare read only = no create mask = 0775 directory mask = 0775 browsable = yes public = yes writeable = yes force create mode = 0775 force directory mode = 0775 force security mode = 0775 guest ok = no inherit permissions = yes nt acl support = yes

Test your configuration with the following command:

  • #testparm -v

Now you must restart the samba deamon.

  • # /etc/init.d/samba stop

Winbind configuration

Stop the winbind deamon.

  • #/etc/init.d/winbind stop

edit the couple of lines of the /etc/nsswitch.conf file.

  • passwd: compat winbind group: compat winbind

Joining the Domain

start the samba and winbind deamons

  • #/etc/init.d/samba start #/etc/init.d/winbind start

Join the domain with the following command

  • #net ads join -U administrator

Test winbind with the following commands

  • #wbinfo -u

The wbinfo – u should list the AD users

  • #wbinfo – g

The wbinfo – g should list the AD groups

All that is left is to test the connection from the server to verify that the share is working.

Linux Samba Configuration