On Thu, 20 Feb 2003, Alexander Skwar wrote:

> Hello.
>
> I'd like to join a Samba 3.0 alpha 21 server running on RedHat 8.0 to an
> Active Directory. This AD does NOT support Windows NT 4.0 Domains.
>
> In a previous mail, I've been asked if I already have Kerberos set up and
> tested. I don't. How do I test if Kerberos is working correctly for me?

As someone suggested, use 'kinit username@REALM'. You asked in another post how to find out your KDC server: every domain controller is also a KDC, so you should use that. If you get a Kerberos TGT, you have Kerberos working.

> If everything is working fine, I'd like the Samba server to join the AD
> "europe.delphiauto.net". For this, I should type "net ads join". How
> do I specify, which AD is to be joined?

In your smb.conf, you should have the lines:

    security = ADS
    realm = YOUR_KERBEROS_REALM.EXAMPLE.COM
    ads server = your_domain_controller.example.com

> And if this is also working, I'd like to be able to log in to the Samba
> server with a username/password which is ONLY in the AD. Do I need any
> special privileges in the AD for the server?

I don't know what you mean by "special privileges", but I think not. When doing 'net ads join', you must have a TGT for a user that has the required privileges to add a machine account and alter some attributes (a Domain Admin account will do).

> When this is also working, I'd like to offer shares. However, not every
> user should be allowed to "mount" every share - IOW: restriction should
> be done on a per user basis. If I maintain a local smbpasswd, I know
> that this shouldn't be a problem - but what if I use AD to do the
> authentication?

Restrictions can be done on a per user basis, see 'man smb.conf', especially things such as 'valid users'. When you use 'security = ADS', this is also not a problem.

Antti

--
[EMAIL PROTECTED]
Helsinki University of Technology Computing Centre
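
The two preconditions the reply names (the three smb.conf settings and a valid TGT) can be checked before running 'net ads join'. The script below is an added example, not part of the original post or of Samba; the function names are hypothetical, the config path is whatever you pass in, and the ticket check assumes a klist that supports -s (MIT Kerberos).

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print a [global] parameter value. Names compare case-insensitively with
# whitespace ignored, per smb.conf(5). Line continuations are not handled.
smbconf_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_global = (norm(s) == "global"); next
        }
        in_global && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (norm(name) == norm(want)) found = val   # last setting wins
        }
        END { if (found != "") print found; else exit 1 }
    ' "$1"
}

# Check the three settings from the reply. Prints each problem and
# returns the number of problems found (0 means all three are present).
check_ads_conf() {
    conf=$1; problems=0
    sec=$(smbconf_get "$conf" "security") || sec=""
    realm=$(smbconf_get "$conf" "realm") || realm=""
    dc=$(smbconf_get "$conf" "ads server") || dc=""
    case $(printf '%s' "$sec" | tr '[:lower:]' '[:upper:]') in
        ADS) ;;
        *) echo "security is '$sec', expected ADS"; problems=$((problems+1)) ;;
    esac
    [ -n "$realm" ] || { echo "realm is not set"; problems=$((problems+1)); }
    [ -n "$dc" ] || { echo "ads server is not set"; problems=$((problems+1)); }
    return "$problems"
}

# Run as: sh preflight.sh /path/to/smb.conf
if [ "$#" -gt 0 ]; then
    check_ads_conf "$1" || exit 1
    # klist -s prints nothing and exits non-zero without a valid ticket
    klist -s || { echo "no valid TGT; run kinit username@REALM first"; exit 1; }
    echo "ok: settings present and TGT found"
fi
```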
