Dale Schroeder
2006-Oct-10 18:38 UTC
[Fwd: Re: [Samba] Authenticating Linux Against AD with Winbind]
Jason, I used these. http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1 Dale -------- Original Message -------- Subject: Re: [Samba] Authenticating Linux Against AD with Winbind Date: Tue, 10 Oct 2006 11:43:11 -0400 From: Aaron Kincer <kincera@gmail.com> To: Jason Rotunno <jrotunno@swarthmore.edu> CC: samba@lists.samba.org References: <D1587DCF6294524BAFA2C9944312FCC82F5929@city-exch-w3e.cbj.local> <452BA4DB.40206@swarthmore.edu> There are how-tos out there that clearly highlight what you have to do in order to get authentication against Active Directory. You need to use Google (or some other search engine) effectively to find them. I can tell you that in order to have proper AD authentication, you must absolutely use: security = ads If you use that string in a search engine along with a few other key words pertinent to your environment, you will likely find all you need to get started. Hope that helps. It would also help if you took some time over lunch (or two) to peruse through the smb.conf documentation and read about each option. I know people hate to hear anything like RTFM, but it will help you gain better understanding. By the way, Microsoft Active Directory (native 2000/2003 domains) authentication is, by definition, Kerberos based. So whether you know it or not, you do in fact use Kerberos. http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx Jason Rotunno wrote:> James Zuelow wrote: >> You're trying to authenticate against active directory: >> >> >>> I'm trying to set up a Linux box to authenticate users against AD >> >> But your config doesn't agree with you: >> >> >>> security = server >>> >> >> And you may have cut them out, but I see no realm entry to specify the >> AD domain. >> > > Thanks for the reply. I'm a bit confused, though. The how-to doesn't > say anything about either of these options. Actually, I checked a > number of different how-tos and docs and some include them, while > others don't. (??) Also, sorry for my lack of knowledge but realm > refers to the kerberos realm, correct? We don't use kerberos and I was > under the impression that it wasn't necessary, since some docs (such > as the one I'm using) don't mention anything about it. > > Thanks for your help, > Jason-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.407 / Virus Database: 268.13.1/470 - Release Date: 10/10/2006 -- Dale Schroeder Technical Issues Del Sol Food Company, Inc. (979)836-5978(979) 836-5978
Aaron Kincer
2006-Oct-10 19:01 UTC
[Fwd: Re: [Samba] Authenticating Linux Against AD with Winbind]
Here's what I used for Ubuntu and it worked like a charm: http://ubuntuforums.org/archive/index.php/t-91510.html Dale Schroeder wrote:> Jason, > > I used these. > > http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 > > http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1 > > > > Dale > > -------- Original Message -------- > Subject: Re: [Samba] Authenticating Linux Against AD with Winbind > Date: Tue, 10 Oct 2006 11:43:11 -0400 > From: Aaron Kincer <kincera@gmail.com> > To: Jason Rotunno <jrotunno@swarthmore.edu> > CC: samba@lists.samba.org > References: > <D1587DCF6294524BAFA2C9944312FCC82F5929@city-exch-w3e.cbj.local> > <452BA4DB.40206@swarthmore.edu> > > > > There are how-tos out there that clearly highlight what you have to do > in order to get authentication against Active Directory. You need to > use Google (or some other search engine) effectively to find them. I > can tell you that in order to have proper AD authentication, you must > absolutely use: > > security = ads > > If you use that string in a search engine along with a few other key > words pertinent to your environment, you will likely find all you need > to get started. > > Hope that helps. It would also help if you took some time over lunch > (or two) to peruse through the smb.conf documentation and read about > each option. I know people hate to hear anything like RTFM, but it > will help you gain better understanding. > > By the way, Microsoft Active Directory (native 2000/2003 domains) > authentication is, by definition, Kerberos based. So whether you know > it or not, you do in fact use Kerberos. > > http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx > > > > Jason Rotunno wrote: >> James Zuelow wrote: >>> You're trying to authenticate against active directory: >>> >>> >>>> I'm trying to set up a Linux box to authenticate users against AD >>> >>> But your config doesn't agree with you: >>> >>> >>>> security = server >>>> >>> >>> And you may have cut them out, but I see no realm entry to specify the >>> AD domain. >>> >> >> Thanks for the reply. I'm a bit confused, though. The how-to doesn't >> say anything about either of these options. Actually, I checked a >> number of different how-tos and docs and some include them, while >> others don't. (??) Also, sorry for my lack of knowledge but realm >> refers to the kerberos realm, correct? We don't use kerberos and I >> was under the impression that it wasn't necessary, since some docs >> (such as the one I'm using) don't mention anything about it. >> >> Thanks for your help, >> Jason >