[Wolves] Samba in an Active Directories environment

Simon Morris mozrat at gmail.com
Thu Nov 17 15:22:37 GMT 2005


On 17/11/05, Ian Harper <idharper at gmail.com> wrote:
> Has anyone any practical experience of implementing samba on Linux
> servers with user verification from an Active Directory server?
>
> If so could you offer me some pointers as my parent company have
> decided to implement AD (not my choice) in the next few months and I
> need to modify our samba servers ASAP to be ready for a quick smooth
> change over.

Hello Ian.

Yes, I have.

Some tips - and I'm happy to provide more help as you need it but I
can't write a full howto this second.....

* Don't worry about any sort of pam_ldap lookups - that is a bit of a
red herring ( it works but it is the harder route to success )

* Don't worry about SFU on the MS side - another Red Herring unless
you want to use NFS on Windows

* You need to use Winbind to enumerate users and groups. Winbind
supplies attributes that  Linux needs to operate that are missing in
A.D. (uid, gid, homedirectory etc)

* Most of winbind's configuration is in smb.conf (check your distro for
where this is)

* The REALM=DOMAIN.COM configuration is important in smb.conf and may
not be there by default, and upper case is also important. Also
security=ads

* You need to include winbind in your /etc/nsswitch.conf file so the
system knows how to look up AD names

* Configure PAM to use Winbind

* use the `net' command to add your machine into AD. If your smb.conf
command is correct it will know which domain to join to.

Loads more information to give you, but no time this afternoon!

Feel free to ask more

--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
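
The smb.conf and nsswitch.conf points in the message above, turned into a pre-join check. This is an added example, not part of the original post or of Samba itself: the function names `smb_global` and `check_ads_config` are hypothetical, and the sample files are constructed for illustration.

```shell
# Pre-join sanity check for the settings listed in the message above.
# Usage: check_ads_config /path/to/smb.conf /path/to/nsswitch.conf
# Prints one line per problem; returns 0 only when nothing is found.

# Print the value of one [global] parameter from smb.conf (last one wins).
smb_global() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s); in_g = (s == "[global]"); next }
        in_g && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)                  # names ignore case and spacing
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

check_ads_config() {
    local smb="$1" nss="$2" rc=0 security realm db
    security=$(smb_global "$smb" security)
    realm=$(smb_global "$smb" realm)
    if [ "$(printf '%s' "$security" | tr '[:upper:]' '[:lower:]')" != "ads" ]; then
        echo "smb.conf: security is '${security:-unset}', expected ads"; rc=1
    fi
    if [ -z "$realm" ]; then
        echo "smb.conf: realm is not set"; rc=1
    elif [ "$realm" != "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "smb.conf: realm '$realm' is not upper case"; rc=1
    fi
    for db in passwd group; do
        if ! grep -Eq "^[[:space:]]*$db:(.*[[:space:]])?winbind([[:space:]]|\$)" "$nss"; then
            echo "nsswitch.conf: '$db' does not list winbind"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not from the original message): lower-case realm,
# and winbind missing from the group line.
tmp=$(mktemp -d)
printf '[global]\n  security = ads\n  realm = domain.com\n' > "$tmp/smb.conf"
printf 'passwd: files winbind\ngroup: files\n' > "$tmp/nsswitch.conf"
check_ads_config "$tmp/smb.conf" "$tmp/nsswitch.conf" || true
rm -rf "$tmp"
```

Run it against the real files before using the `net' command to join, so a wrong realm or a missing winbind entry shows up before the machine account is created.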


