Domain authentication with Samba
I am attempting to set up a Debian server and use domain accounts as logins to the machine. I have been able to get things talking, such as Kerberos, and I have added the machine to the domain just fine. The PDC is running Server 2003. Here is what I have done and verified so far:
1. Configured smb.conf with winbind support
2. Configured krb5.conf
3. Tested and verified, then added to the domain with net ads join
4. Verified that winbind is working using wbinfo -u, wbinfo -g
5. Authenticated a user through wbinfo -a
Here are my Samba config and the outputs when I verify:

[global]
workgroup = *my workgroup*
realm = *mydomain.WAN*
server string = %h server (Samba %v)
security = ADS
obey pam restrictions = Yes
password server = *my PDC ip*
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
client signing = No
client use spnego = No
dns proxy = No
wins server = *my wins server ip*
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

sed-mymachinename:/home/myusername# smbd -b | grep LDAP
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_DOMAIN2HOSTLIST
HAVE_LDAP_INIT
HAVE_LDAP_INITIALIZE
HAVE_LDAP_SET_REBIND_PROC
HAVE_LIBLDAP
LDAP_SET_REBIND_PROC_ARGS
sed-mymachinename:/home/username# smbd -b | grep KRB
HAVE_KRB5_H
HAVE_ADDRTYPE_IN_KRB5_ADDRESS
HAVE_KRB5
HAVE_KRB5_AUTH_CON_SETUSERUSERKEY
HAVE_KRB5_C_ENCTYPE_COMPARE
HAVE_KRB5_ENCRYPT_BLOCK
HAVE_KRB5_ENCRYPT_DATA
HAVE_KRB5_FREE_DATA_CONTENTS
HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS
HAVE_KRB5_FREE_KTYPES
HAVE_KRB5_FREE_UNPARSED_NAME
HAVE_KRB5_GET_PERMITTED_ENCTYPES
HAVE_KRB5_KEYBLOCK_IN_CREDS
HAVE_KRB5_KEYTAB_ENTRY_KEY
HAVE_KRB5_KT_FREE_ENTRY
HAVE_KRB5_LOCATE_KDC
HAVE_KRB5_MK_REQ_EXTENDED
HAVE_KRB5_PRINCIPAL2SALT
HAVE_KRB5_PRINC_COMPONENT
HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
HAVE_KRB5_SET_REAL_TIME
HAVE_KRB5_STRING_TO_KEY
HAVE_KRB5_TKT_ENC_PART2
HAVE_KRB5_USE_ENCTYPE
HAVE_LIBGSSAPI_KRB5
HAVE_LIBKRB5
sed-mymachinename:/home/username# smbd -b | grep ADS
WITH_ADS
WITH_ADS
sed-mymachinename:/home/username# smbd -b | grep WINBIND
WITH_WINBIND
WITH_WINBIND

Testing Kerberos
sed-mymachinename:/home/username# kinit *DomainAccount*
Password for *DomainAccount*@mydomain.WAN:
sed-mymachinename:/home/username#

Testing Samba
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
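
The smb.conf above turns off two client-side protections (client signing and client use spnego) that matter on a domain member. As an added example, not part of the original post, this Python script audits those [global] settings together with the ADS and idmap prerequisites; the sample config is constructed from the post with placeholder names, and the function names and finding texts are this example's own.

```python
import configparser

# Constructed sample: security-relevant [global] lines from the post, with
# placeholder values where the poster redacted theirs.
SAMPLE = """\
[global]
workgroup = EXAMPLE
realm = EXAMPLE.WAN
security = ADS
client signing = No
client use spnego = No
idmap uid = 10000-20000
idmap gid = 10000-20000
"""

OFF = {"no", "false", "0", "off", "disabled"}

def load_global(text):
    """Return [global] parameters with Samba-style normalised names."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read_string(text)
    # Samba ignores case and whitespace inside parameter names.
    return {"".join(k.split()).lower(): v.strip() for k, v in cp.items("global")}

def valid_range(value):
    """True for 'low-high' with integers and low < high."""
    low, sep, high = value.partition("-")
    return (bool(sep) and low.strip().isdigit() and high.strip().isdigit()
            and int(low) < int(high))

def audit(text):
    """Return (parameter, finding) pairs for an AD domain member config."""
    g = load_global(text)
    out = []
    if g.get("security", "").lower() != "ads":
        out.append(("security", "not ADS, so the host is not configured as an AD member"))
    elif not g.get("realm"):
        out.append(("realm", "security = ADS needs the Kerberos realm"))
    if g.get("clientsigning", "").lower() in OFF:
        out.append(("client signing", "SMB signing is not offered on outgoing connections"))
    if g.get("clientusespnego", "").lower() in OFF:
        out.append(("client use spnego", "SPNEGO is off, so Kerberos cannot be negotiated"))
    for key, name in (("idmapuid", "idmap uid"), ("idmapgid", "idmap gid")):
        if not valid_range(g.get(key, "")):
            out.append((name, "winbind has no usable ID range for domain accounts"))
    return out

if __name__ == "__main__":
    for param, finding in audit(SAMPLE):
        print(f"{param}: {finding}")
```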
