Differences between revisions 2 and 3
Revision 2 as of 2007-05-17 04:00:22
Size: 2891
Editor: JohnJacob
Comment:
Revision 3 as of 2009-03-16 03:29:58
Size: 2891
Editor: anonymous
Comment: converted to 1.6 markup
No differences found!

Linux Samba Configuration:

Debian Samba server connecting to Active directory

1. Installing software

The first thing that you need to do is to install the required packages.

 #aptitude update
 #aptitude upgrade
 #aptitude install samba smbclient winbind krb5-doc krb5-user krb5-config

Windows server information

In this configuration I used the following windows info.

Domain name: is414

Fully qualified domain name: is414.com

Window domain controller: rkb-server

Kerberos setup

Open /etc/krb5.conf

add the following lines to the krb.conf file.

  • [libdeffaults]
    • default_realm = IS414
    [realms]
    • IS414.COM = {
      • kdc – rkb-server.is414.com admin_server – rkb-server.is414.com
      }
    [domain_realm]
    • kerberos.server = IS414.COM

After that has been completed do the following:

 #kinit administrator@IS414.COM

Verify that it worked by using the following command:

 #klist

Samba Setup

Open the samba configuration file /etc/samba/smb.conf and add the following:

  • [global]
    • security = ADS password server = rkb-server encrypt passwords = yes workgroup = IS414 realm = IS414.COM idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind separator = +

Creating a share in /etc/samba/smb.conf. Replace ?WindowsShare with any name you want. first create the folder:

 #mkdir /home/WindowsShare
 #chmod 777 /home/WindowsShare

Add the following in the /etc/samba/smb.conf

  • [?WindowsShare]

    • comment = Windows Share path = /home/WindowsShare read only = no create mask = 0775 directory mask = 0775 browsable = yes public = yes writeable = yes force create mode = 0775 force directory mode = 0775 force security mode = 0775 guest ok = no inherit permissions = yes nt acl support = yes

Test your configuration with the following command:

 #testparm -v

Now you must restart the samba deamon.

 # /etc/init.d/samba stop

Winbind configuration

Stop the winbind deamon.

 #/etc/init.d/winbind stop

edit the couple of lines of the /etc/nsswitch.conf file.

  • passwd: compat winbind group: compat winbind

Joining the Domain

start the samba and winbind deamons

 #/etc/init.d/samba start
 #/etc/init.d/winbind start

Join the domain with the following command

 #net ads join -U administrator

Test winbind with the following commands

 #wbinfo -u

The wbinfo – u should list the AD users

 #wbinfo – g 

The wbinfo – g should list the AD groups

All that is left is to test the connection from the server to verify that the share is working.