This is my first step into the world of samba and I was wondering if
the members of the group wouldn't mind casting a quick eye on my
setup.
Essentially we just want Samba integrated with AD so we can access the
Unix file systems.
Any comment will be gratefully received...!
Cheers,
Kristian
Everything seems to work, although we do get these errors:
[2008/08/08 11:41:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(474)
Username ABC+MYMACHINE$ is invalid on this system
[2008/08/08 11:50:24, 1] libsmb/clientgen.c:cli_rpc_pipe_close(559)
cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x800f to
machine abcosdcmp01.ad.abc.local. Error was SUCCESS - 0
[2008/08/08 11:50:24, 1] libsmb/clientgen.c:cli_rpc_pipe_close(559)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4023
to machine abcosdcmp01.ad.abc.local. Error was SUCCESS - 0
Samba server is CentOS 4.4
Samba version is 3.2.1
remove all samba rpms
./configure --prefix=/disk1/samba --with-ads --with-krb5 --with-pam
--with-winbind \
--with-syslog --with-quotas --with-acl-support --with-automount
--with-cifsmount \
--with-aio --enable-socket-wrapper --with-configdir=/etc/samba
--with-logfilebase=/var/log/samba
make
make install
cd /disk1/samba/lib
ln -s libtalloc.so libtalloc.so.1
ln -s libtdb.so libtdb.so.1
ln -s libwbclient.so libwbclient.so.0
add to root account ~/.bashrc
export PATH=/disk1/samba/bin:$PATH
export LD_LIBRARY_PATH=/disk1/samba/lib
/etc/init.d/samba start #(contains winbind too)
net ads join -Udomain_admin%"password"
FIN.
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = AD.ABC.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[libdefaults]
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
[realms]
AD.ABC.LOCAL = {
kdc = abcosdcmp03.ad.abc.local:88
admin_server = abcosdcmp03.ad.abc.local:389
default_domain = ad.abc.local
}
[domain_realm]
.ad.abc.local = .AD.ABC.LOCAL
ad.abc.local = AD.ABC.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/etc/nsswitch.conf
passwd: files winbind nisplus nis
shadow: files winbind nisplus nis
group: files winbind nisplus nis
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files dns
protocols: files
rpc: files
services: files
netgroup: nis
publickey: files
automount: files
aliases: files
/etc/samba/smb.conf
[global]
unix charset = LOCALE
workgroup = ABC
realm = AD.ABC.LOCAL
password server = *
netbios name = satansgate
server string = satansgate %v on (%I)
security = ADS
local master = no
os level = 33
log level = 1
syslog = 1
log file = /var/log/samba/%m
max log size = 50
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
socket options = TCP_NODELAY
