How to set up a Samba server for Active Directory authentication
last modified
2007-02-19 05:28 PM
Most of the necessary steps are described on this web page. The key steps are as follows:
- Make sure the machine is in your local DNS. This also requires a reverse PTR record (the Kerberos libraries canonicalize host names through reverse lookups, so forward and reverse entries must agree).
- Make sure the /etc/network/interfaces file gives the machine the static address that is registered in DNS::

      auto eth0
      #iface eth0 inet dhcp
      iface eth0 inet static
          address 192.168.2.[proper number which is in DNS]
          gateway 192.168.2.1
          netmask 255.255.255.0
          network 192.168.2.0
          broadcast 192.168.2.255

- Make sure /etc/resolv.conf points at the DNS server that serves the Active Directory domain (normally a domain controller)::

      search <your local domain>
      nameserver <your local DNS server>

- Make sure Ubuntu sources are set up to include the "Universe" repository. Then install the following packages::

      samba smbclient smbfs smbldap-tools winbind krb5-config krb5-user
- Configure /etc/samba/smb.conf. Key thing is to add the domain: set workgroup to the NetBIOS domain name, realm to the Kerberos realm (the AD DNS domain in upper case) and security = ads, plus the winbind and idmap options winbind needs to map domain accounts to Unix uids and gids.
- Configure /etc/krb5.conf. Key thing is to add the domain: set default_realm and give the realm a [realms] entry whose kdc is a domain controller. Realm names are case sensitive and must be upper case. Kerberos also refuses tickets when the clock is more than a few minutes off the domain controller's, so sync the clock (NTP against a domain controller) before joining.
- Join the domain (this creates the machine account and stores its Kerberos key in secrets.tdb) by running::

      # net ads join -U Administrator

  You will be prompted for the <your Windows Domain>\Administrator password. You can also pass it inline as "-U Administrator%password", but then it ends up in the shell history and, while the command runs, in the process list that every local user can read with ps, so prefer the prompt.
- Winbind normally needs no stored user credential after a successful join, because it authenticates with the machine account created above. Only if wbinfo fails without one, a credential can be stored permanently in secrets.tdb with::

      # wbinfo --set-auth-user=DOMAIN\\administrator

  As above, leave off "%password" to be prompted for it. Use a dedicated low-privilege domain account rather than Administrator here if you can: the stored password is readable by root on this machine.
- Configure /etc/nsswitch.conf by appending winbind to both the passwd and the group line (for example "passwd: compat winbind"), so that domain accounts are resolved through NSS.
- Restart samba and winbindd::

      # /etc/init.d/samba restart
      # /etc/init.d/winbind restart

- Test winbind is working properly; both commands should list domain accounts::

      # wbinfo -u
      # wbinfo -g

- Domain users and groups are not written into /etc/passwd and /etc/group. Once nsswitch.conf lists winbind they are resolved through NSS next to the local files, which you can check with the following commands (they query NSS and change nothing)::

      # getent passwd
      # getent group

- To check that it worked, compare the local file with the NSS view, then hand a file to a domain account (the "+" is the winbind separator set in smb.conf)::

      # cat /etc/passwd
      # getent passwd
      # cd ; touch test
      # chown "your Windows Domain"+<domain user> test
      # ls -al test

  cat /etc/passwd shows only local accounts, getent passwd shows the domain accounts as well, and ls should show the domain user as the owner of test.
- In /etc/pam.d/ make a copy of the original login file. Then configure /etc/pam.d/login so that pam_winbind.so is consulted for auth, account and session ahead of the pam_unix.so entries, which lets domain users log in on the console; pam_mkhomedir.so in the session stack creates their home directories on first login.
- Add shares.

  - Make sure the share directory has group "your Windows Domain"+domain users (quote the name, it contains a space).
  - chmod 770 the directory, so that only the owner and members of that group can enter it.
  - Use webmin to set up the share. Set default permissions to 770 and make sure the share is writeable.
  - Test by connecting to the share from Windows and adding a directory. On the Linux side the new directory should have a domain owner and group and 770 privileges.
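The steps above as one script, added here as an example; it is not from the original page. It renders the smb.conf and krb5.conf fragments the steps call "add domain", checks that /etc/nsswitch.conf lists winbind, and in join mode runs the join and the wbinfo/getent checks. The domain EXAMPLE, realm EXAMPLE.LOCAL, controller dc1.example.local, the idmap range and the function names are assumptions; the commands are the page's own. The render mode runs anywhere; the join mode needs root on the configured machine.

```shell
#!/bin/sh
# Added example, not part of the original page: the "add domain" settings for
# smb.conf and krb5.conf, a check of /etc/nsswitch.conf, and the join plus the
# winbind checks from the steps above. EXAMPLE / EXAMPLE.LOCAL / dc1.example.local
# are assumed placeholders; override them in the environment.
set -eu

WORKGROUP="${WORKGROUP:-EXAMPLE}"        # NetBIOS domain name
REALM="${REALM:-EXAMPLE.LOCAL}"          # Kerberos realm: the AD DNS domain, upper case
DC="${DC:-dc1.example.local}"            # a domain controller, resolvable in local DNS

# [global] settings for security = ads; merge into /etc/samba/smb.conf.
# Args: workgroup, realm.
render_smb_global() {
    cat <<EOF
[global]
   workgroup = $1
   realm = $2
   security = ads
   winbind separator = +
   winbind use default domain = no
   winbind enum users = yes
   winbind enum groups = yes
   template shell = /bin/bash
   template homedir = /home/%D/%U
   # Samba 3.0 (the page's era) spells these "idmap uid = 10000-20000" and "idmap gid = 10000-20000".
   idmap config * : backend = tdb
   idmap config * : range = 10000-20000
EOF
}

# Minimal /etc/krb5.conf that points the realm at a DC. Args: realm, dc.
render_krb5() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cat <<EOF
[libdefaults]
    default_realm = $1
    dns_lookup_kdc = true
[realms]
    $1 = {
        kdc = $2
        admin_server = $2
    }
[domain_realm]
    .$lower = $1
    $lower = $1
EOF
}

# Succeeds only if both the passwd and the group line of the given nsswitch.conf
# list winbind, e.g. "passwd: compat winbind" / "group: compat winbind".
nsswitch_has_winbind() {
    grep -Eq '^passwd:.*[[:space:]]winbind([[:space:]]|$)' "$1" &&
    grep -Eq '^group:.*[[:space:]]winbind([[:space:]]|$)' "$1"
}

# Join and verify. Run as root after the configs are in place and the clock is
# synced to the DC. The Administrator password is prompted for: no "%password",
# so it is neither in the shell history nor visible to other users via ps.
join_and_check() {
    nsswitch_has_winbind /etc/nsswitch.conf || { echo "add winbind to /etc/nsswitch.conf first" >&2; return 1; }
    net ads join -U Administrator
    /etc/init.d/samba restart
    /etc/init.d/winbind restart
    wbinfo -t                                            # machine-account trust secret works
    wbinfo -u | head -n 5                                # domain users via winbind
    wbinfo -g | head -n 5                                # domain groups via winbind
    getent passwd | grep -F "${WORKGROUP}+" | head -n 5  # the same users via NSS
}

case "${1:-render}" in
    render) render_smb_global "$WORKGROUP" "$REALM"; echo; render_krb5 "$REALM" "$DC" ;;
    join)   join_and_check ;;
    *)      echo "usage: $0 [render|join]" >&2; exit 2 ;;
esac
```

Run it once without arguments (or with render) to get the two fragments to merge into smb.conf and krb5.conf, and as root with join once those, nsswitch.conf and NTP are in place; wbinfo -t is the check that the machine account actually works, wbinfo -u and getent passwd only show that enumeration and NSS agree.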