James and others: I have attached my HOWTO (in plaintext) to this e-mail. I have also included my smb.conf file.
Keep in mind that this all refers to *my* network, so you'll need to substitute things for your setup. One other thing that should be mentioned - this smb.conf file is from my test machine that is going in as a "router". This means it has two NICs in it. I have bound Samba to the internal interface and Loopback interface to make it work. General "if it breaks, it ain't my fault" rules apply :-) I truly hope this helps someone. Kevin > -----Original Message----- > From: James Lamanna [mailto:jamesl@;appliedminds.net] > Sent: Thursday, November 07, 2002 2:31 PM > To: 'Collins, Kevin' > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was sercurity = user) > > > Sure, that would be great. > > Thanks a lot. > --James > > -----Original Message----- > From: Collins, Kevin [mailto:KCollins@;nesbittengineering.com] > Sent: Thursday, November 07, 2002 11:25 AM > To: 'James Lamanna'; [EMAIL PROTECTED] > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was sercurity = user) > > > James: > > I use Winnind to authenticate users from the Windows PDC - I have no > UNIX users. > > Have you looked at this? I've got an informal HOWTO if you'd like it. > > Thanks, > > Kevin L. Collins, MCSE > Systems Manager > Nesbitt Engineering, Inc. > > > > -----Original Message----- > > From: James Lamanna [mailto:jamesl@;appliedminds.net] > > Sent: Thursday, November 07, 2002 2:16 PM > > To: [EMAIL PROTECTED] > > Subject: [Samba] Problems authentication with NT PDCs in security = > > server (was sercurity = user) > > > > > > I wanted to avoid having to create a machine account on the PDC and > > having UNIX accounts for everyone. > > > > > > > Try: > > > > > security = domain > > > password server = network name of dc > > > encrypt passwords = yes > > > workgroup = domainname > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > >
smb.conf
Description: Binary data
Samba Server HOWTO � Samba and Winbind Install Red Hat Linux 7.3 � Vanilla Server with Windows Server packages. This installs Samba 2.2.5a. Download Samba 2.2.6 � latest version at this time. I got both the Red Hat RPM and the Source as well. 1). Compile the Source code for Samba 2.2.6 Untar and un-gzip the source file into the /usr/src/samba 2.2.6 directory. #cd /usr/src #tar �zxvf <path to/samba *.gz filename> #cd /usr/src/samba 2.2.6/source directory #make clean � fails because Samba�s never been compiled before. #rm config.cache � fails because Samba�s never been compiled before. #./configure --with-winbind � This is the difference between the standard Red Hat RPM and the way things need to be. This creates the WINBIND libraries used below. #make � compiles the code. 2). At this point I removed the existing Samba 2.2.5a setup and installed the new Samba 2.2.6 with the commands: # rpm -e samba # rpm -e samba-client # rpm -e samba-swat <-- This didn�t exist by default. # rpm -e samba-common # cd /<to where the binary RPM is stored> # rpm -ivh <samba RPM filename> 3). Copy the WINBIND libraries to the proper place so the WINDBINDD daemon can access them when needed. # cd /usr/src/samba 2.2.6/source/nsswitch # cp libnss_winbind.so /lib # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 4). Edit the /etc/nsswitch.conf file to utilize WINBIND # cd /etc # pico nsswitch.conf Look for a lines reading �passwd� and �group� and include �winbind� in the list of authenticators. ** Reboot the machine for these changes to take effect. ** 5). Configure the smb.conf file in the /etc/samba folder. Be sure to have these lines: winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U These settings allow WINBIND to function properly. Be sure to run testparm after the changes are made. 6). Join the Samba server to the domain � with the following command # smbpasswd -j DOMAINNAME -r PDCNAME -U ADMINUSERNAME If this is successful it will return �Joined domain: DOMAINNAME� 7). Modify the smb startup file # cd /etc/init.d # pico smb <-- This starts a console based test editor Make the following changes Add daemon /usr/sbin/winbindd �s /etc/samba/smb.conf under the line that reads daemon nmbd �D in the �start� section. Add killproc winbindd after the line killproc nmbd in the �stop� section. These changes allow the WINBIND daemon to start and stop when the Samba service does. 8). Start Samba # service smb start If things went well, you should see and [ OK ] proclaiming the services started. To test this you can run these commands: # ps -ax | grep mbd <-- should return both smbd and nmbd as running # ps -ax | grep winbindd <-- should return both winbindd as running At this point the server should be running. A couple of final tests: # gentnt passwd <-- should see domain users in the list in the form DOMAIN+User # getent group <-- should see domain groups in the list in the form DOMAIN+Group 9). Final settings: Making sure the setup survives a reboot. # chkconfig smb �level 35 on This should make Samba start during boot up on run levels 3 and 5 (console and GUI) If you reboot the system now, and run the previous tests, the daemons should still be running. One other note � all of the above procedures need to be run with �root� access to the machine.
smime.p7s
Description: application/pkcs7-signature
