Tim jordan
2003-Dec-20 00:32 UTC
[Samba] Samba working in Active Directory .config's included
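I'm struggling just as much as the next person on this setup. However, I do have it working under Mandrake 9.2 with Samba3.0.pre1. Perhaps we can work together and figure out what is different between setups.

smb.conf:
> #======================= Global Settings ====================================
> [global]
>
> # 1. Server Naming Options:
> workgroup = LABOR
> realm = LABOR.AK
> server string = Samba Server %v
> # 2. Printing Options:
> printcap name = cups
> load printers = yes
> printing = cups
> # This should work well for winbind:
> printer admin = @"Domain Admins"
>
> # 3. Logging Options:
> log file = /var/log/samba3/log.%m
> max log size = 50
> # NOTE(review): level 5 is troubleshooting verbosity; Samba's documentation
> # describes levels above 3 as meant for developers. Lower it once the join works.
> log level = 5
>
> # 4. Security and Domain Membership Options:
> security = ads
> # NOTE(review): "ipaddress of w2k pdc" is a placeholder to replace with the real
> # address, as is "wins server" further down.
> password server = ipaddress of w2k pdc
> encrypt passwords = yes
>
> # 5. Winbind
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
> allow trusted domains = no
> template homedir = /home/%D/%U
> obey pam restrictions = yes
> template shell = /bin/bash
>
> # 5. Browser Control and Networking Options:
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = no
> os level = 0
> domain master = no
> preferred master = no
> # NOTE(review): the two PAM listings that follow were pasted into the middle of
> # the smb.conf listing. They are separate files; smb.conf resumes at
> # "# 6. Domain Control Options:".
> /etc/pam.d/samba
>
> #%PAM-1.0
>
> auth required /lib/security/pam_nologin.so
>
> auth required /lib/security/pam_stack.so service=system-auth
>
> account required /lib/security/pam_stack.so service=system-auth
>
> session required /lib/security/pam_stack.so service=system-auth
>
>
> /etc/pam.d/system-auth
> # NOTE(review): as posted, this repeats the /etc/pam.d/samba content and stacks
> # service=system-auth from inside system-auth itself; it looks like a paste
> # duplicate, so check the real file before copying it.
> #%PAM-1.0
> auth required /lib/security/pam_nologin.so
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> # 6. Domain Control Options:
> domain logons = no
> add user script = /usr/sbin/useradd -s /bin/false '%u'
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
>
> # 7. Name Resolution Options:
> name resolve order = wins lmhosts bcast
> wins server = ipaddress of wins server
> dns proxy = no
>
>
> #============================ Share Definitions =============================
> [Domain Admins]
> comment = Private Directory
> path = /private
> valid users = @"Domain Admins"
> public = no
> writable = yes
> printable = no
> # NOTE(review): public = yes (guest access) combined with read only = no makes
> # /tmp writable over SMB without a domain account wherever guest logons are
> # mapped on this server. Add valid users or drop the share if that is not intended.
> [Temp]
> comment = Temporary file space
> path = /tmp
> read only = no
> public = yes
>
> [Gentoo]
> comment = Gentoo resources
> path = /samba/gentoo
> public = yes
> writable = no
> write list = "@Domain Admins"

krb5.conf:
> [logging]
> default = FILE:/var/log/kerberos/krb5libs.log
> kdc = FILE:/var/log/kerberos/krb5kdc.log
> admin_server = FILE:/var/log/kerberos/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = LABOR.AK
> # NOTE(review): des-cbc-crc and des-cbc-md5 are single-DES enctypes; they match
> # what this 2003 setup negotiated (see the klist output below). Single DES is
> # deprecated (RFC 6649) and off by default in current Kerberos and Active
> # Directory; against a current domain, omit these two lines so the library
> # defaults (AES) apply.
> default_tgs_enctypes = des-cbc-crc des-cbc-md5
> default_tkt_enctypes = des-cbc-crc des-cbc-md5
> #permitted_enctypes = des-cbc-crc des-cbc-md5
> dns_lookup_realm = false
> dns_lookup_kdc = false
> kdc_req_checksum_type = 2
> checksum_type = 2
> ccache_type = 1
> forwardable = true
> proxiable = true
>
> [realms]
> LABOR.AK = {
>   kdc = MYW2KPDC.LABOR.AK:88
>   admin_server = MYW2KPDC.LABOR.AK:749
>   default_domain = LABOR.AK
> }
>
> [domain_realm]
> .LABOR.AK = LABOR.AK
>
> [kdc]
> profile = /etc/kerberos/krb5kdc/kdc.conf
>
> [pam]
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
> [login]
> krb4_convert = false
> krb4_get_tickets = false

Checking encryption type:
> # klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: TIM@LABOR.AK
>
> Valid starting Expires Service principal
> 12/19/03 13:59:10 12/19/03 23:59:50 krbtgt/LABOR.AK@LABOR.AK
> renew until 12/20/03 13:59:10, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32

/etc/pam.d/login:
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> # NOTE(review): a successful "sufficient" line ends the auth stack, so
> # pam_nologin below is not consulted for logins the winbind stack accepts.
> # Move pam_nologin above this line if /etc/nologin must also block those logins.
> auth sufficient /lib/security/pam_stack.so service=system-auth-winbind
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_stack.so service=system-auth-winbind
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so

/etc/pam.d/system-auth-winbind
> #%PAM-1.0
>
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_winbind.so
> # NOTE(review): nullok lets local accounts with an empty password authenticate;
> # remove it here and on the password line unless that is required.
> auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass
> auth required /lib/security/pam_deny.so
>
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_unix.so
>
> password required /lib/security/pam_cracklib.so retry=3
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password required /lib/security/pam_deny.so
>
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so

/etc/nsswitch.conf
> passwd: files winbind
> shadow: files nisplus nis
> group: files winbind
>
> #hosts: db files nisplus nis dns
> hosts: files dns wins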