Does Samba 3.0.2a release integrate with Windows Active Directory running in 2003 Native Mode?

The situation is that two corporate departments are joining their network infrastructure. One department runs several Samba 2.2 servers and the other is a 2003 Native Mode Active Directory. I understand that if you upgrade to Samba 3.0 this supports Windows 2000 AD, but it is unclear to me if Samba will integrate seamlessly with 2003 Native Mode AD environment. I'm looking for a straightforward, non-biased, no BS answer. If it works cool, I'm not afraid of the overall work involved. Any help would be greatly appreciated.

David Morse
Network Administrator & Purchaser
(703) 904-3132
(571) 214-7098

TREEV, LLC
13454 Sunrise Valley Drive
Suite 400
Herndon, Va 20171

Exactly the question that I am trying to get answered, too.

What I was able to accomplish: I setup Samba 3.0.2a and it was able to see the AD (users/groups) and join into the AD. BUT... I was not able to get people to authenticate against Samba. I kept getting a Kerberos ticket error, and I tried several configs that I found through Google, none worked. I am in the process of re-installing my AD (lab setup) into Mixed Mode to see if Native Mode was my problem.

It seems as though finding a straight answer to this ? is not easy!

Thanks,
Scott Moseman

-----Original Message-----
From: samba-bounces+smoseman=novolink.net@lists.samba.org [mailto:samba-bounces+smoseman=novolink.net@lists.samba.org] On Behalf Of David Morse
Sent: Friday, March 26, 2004 10:22 AM
To: samba@lists.samba.org
Subject: [Samba] Samba 3.0 & 2003 Active Directory Native Mode

Does Samba 3.0.2a release integrate with Windows Active Directory running in 2003 Native Mode?

The situation is that two corporate departments are joining their network infrastructure. One department runs several Samba 2.2 servers and the other is a 2003 Native Mode Active Directory. I understand that if you upgrade to Samba 3.0 this supports Windows 2000 AD, but it is unclear to me if Samba will integrate seamlessly with 2003 Native Mode AD environment. I'm looking for a straightforward, non-biased, no BS answer. If it works cool, I'm not afraid of the overall work involved. Any help would be greatly appreciated.

David Morse

Daniel Magaña Molina
2004-Mar-26 22:08 UTC
[Samba] Samba 3.0 & 2003 Active Directory Native Mode
First I must say that I use SuSE 9.0, so I downloaded the RPMs for SuSE:

    libsmbclient-3.0.2a-30.i586.rpm
    libsmbclient-devel-3.0.2a-30.i586.rpm
    samba3-3.0.2a-30.i586.rpm
    samba3-client-3.0.2a-30.i586.rpm
    samba3-doc-3.0.2a-30.i586.rpm
    samba3-winbind-3.0.2a-30.i586.rpm

and I got a GUI:

    ksambaplugin-0.5-1.i386.rpm

Then I put this in my smb.conf:

    [global]
    winbind separator = +
    winbind cache time = 10
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    template homedir = /home/winnt/%D/%U
    template shell = /bin/bash
    workgroup = THO
    security = domain
    restrict anonymous = no
    domain master = no
    preferred master = no
    max protocol = NT
    ldap ssl = No
    server signing = Auto
    encrypt passwords = yes
    add user script = /usr/sbin/useradd -d /home/winnt/%D/%U -s /bin/false -M %U
    #<------end globals---->

Then you have to start your Samba server:

    rcsmb start

and then start the winbind server:

    winbindd

and then you just have to join the domain:

    net rpc join -U Administrator%password

Now you can try to read the user list from the win server:

    wbinfo -u

or the group list:

    wbinfo -g

If everything goes OK so far, you can import the users from the server:

    getent passwd

and the groups:

    getent group

So far you already got the users and groups list from the win server. Now you have to create the service; in this case I will put the ssh daemon to validate users. The file /etc/pam.d/sshd should look like this:

    #%PAM-1.0
    auth sufficient /lib/security/pam_winbind.so
    account sufficient /lib/security/pam_winbind.so
    password sufficient /lib/security/pam_winbind.so
    session sufficient /lib/security/pam_winbind.so
    session required pam_unix2.so none # trace or debug
    session required pam_limits.so
    # Enable the following line to get resmgr support for
    # ssh sessions (see /usr/share/doc/packages/resmgr/README.SuSE)
    #session optional pam_resmgr.so fake_ttyname

And that is all. If you need more info, just let me know.

On Friday 26 March 2004 08:22, David Morse wrote:
> Does Samba 3.0.2a release integrate with Windows Active Directory
> running in 2003 Native Mode?
>
> The situation is that two corporate departments are joining their
> network infrastructure. One department runs several Samba 2.2 servers
> and the other is a 2003 Native Mode Active Directory. I understand that
> if you upgrade to Samba 3.0 this supports Windows 2000 AD, but it is
> unclear to me if Samba will integrate seamlessly with 2003 Native Mode
> AD environment. I'm looking for a straightforward, non-biased, no BS
> answer. If it works cool, I'm not afraid of the overall work involved.
> Any help would be greatly appreciated.
>
> David Morse
> Network Administrator & Purchaser
> (703) 904-3132
> (571) 214-7098
>
> TREEV, LLC
> 13454 Sunrise Valley Drive
> Suite 400
> Herndon, Va 20171

--
Ing. Daniel Magaña Molina
Gnovus Networks & Software
www.gnovus.com
dan666@gnovus.com
Merida, Yuc.

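An added illustration (not part of the thread and not Samba or PAM project code): a small Python model of how Linux-PAM resolves the `required`, `requisite`, `sufficient` and `optional` flags, run over the /etc/pam.d/sshd stack posted above. The per-module outcomes are assumed inputs rather than observed pam_winbind behaviour; under them, an account winbind does not know is refused at `auth` and `account`, and a winbind success at `session` ends the stack before pam_limits.so runs.

```python
# Added example: models Linux-PAM control flags on the sshd stack quoted above.
# SSHD_STACK is a constructed copy of the posted file (pure comment lines omitted).
SSHD_STACK = """\
auth     sufficient /lib/security/pam_winbind.so
account  sufficient /lib/security/pam_winbind.so
password sufficient /lib/security/pam_winbind.so
session  sufficient /lib/security/pam_winbind.so
session  required   pam_unix2.so none # trace or debug
session  required   pam_limits.so
"""

def parse(text):
    """Return (type, control, module file name) for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], fields[2].rsplit("/", 1)[-1]))
    return rules

def evaluate(rules, mtype, succeeds):
    """Resolve one module type; `succeeds` maps module name -> assumed outcome.

    Returns (granted, modules_run). A stack in which no module produced a
    positive result is refused, as Linux-PAM does.
    """
    verdict, ran = None, []              # None: nothing has decided yet
    for rtype, control, module in rules:
        if rtype != mtype:
            continue
        ran.append(module)
        if succeeds.get(module, False):
            if verdict is None:
                verdict = True
            if control == "sufficient" and verdict:
                break                    # success with no earlier failure: stop here
        elif control in ("required", "requisite"):
            verdict = False
            if control == "requisite":
                break                    # requisite failure returns immediately
        # a failing sufficient/optional module is ignored
    return verdict is True, ran

# Assumed (hypothetical) outcomes: winbind accepts the AD user, rejects the local one.
AD_USER = {"pam_winbind.so": True, "pam_unix2.so": True, "pam_limits.so": True}
LOCAL_USER = {"pam_winbind.so": False, "pam_unix2.so": True, "pam_limits.so": True}

if __name__ == "__main__":
    for label, outcome in (("AD user", AD_USER), ("local user", LOCAL_USER)):
        for mtype in ("auth", "account", "session"):
            print(label, mtype, evaluate(parse(SSHD_STACK), mtype, outcome))
```
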
For the logs, I loaded Fedora using Kerberos 1.3.2 and the configs that I was previously using all work great.

Thanks,
Scott Moseman

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet@samba.org]
Sent: Friday, March 26, 2004 5:13 PM
To: Scott Moseman
Cc: samba@lists.samba.org
Subject: RE: [Samba] Samba 3.0 & 2003 Active Directory Native Mode

On Sat, 2004-03-27 at 09:22, Scott Moseman wrote:
>
> Well, my Red Hat box is joined to the AD and I am able to
> login to my box using AD accounts. They are both talking.
> My problem is that I cannot get Windows clients to see the
> Samba shares without getting a "Access denied" message, in
> the logs it shows a bunch of Kerberos/ticket errors.
>
> I am running krb5 1.2.4 and it appears that it is going to
> be too much of a pain to upgrade to 1.3 without just going
> to a new version of Red Hat (maybe Fedora, I guess). That
> is going to be my next step, download and install Fedora.
>

That tends to be the solution - without krb5 1.3.1 there are just nasty bugs. It is meant to work, but...

(And I am not a sufficient kerberos guru to understand exactly why)

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net