Excellent. The only stumbling block here was that realm should be the full realm name and not just the short version.
Thanks a bunch! On Thu, Jul 31, 2008 at 2:19 PM, kissg <[EMAIL PROTECTED]> wrote: > You can join your Samba server to your AD domain as a member server. It > should work with Samba 3. The basic steps you have to take: > > 1, Install the Kerberos libraries (I have already tried Heimdal Kerberos, > it's known to work) > Look for the appropriate client package in your package manager. If you use > any recent distribution, this shouldn't be a problem. For example, in > Ubuntu, the name of the required package is "libkrb5-22-heimdal". Also, make > sure you have installed the winbind package (in case it is shipped as a > separate package in your distribution). > > 2, Configure Samba to act as an AD member server: > > # Lines to add or change in the smb.conf file: > [globals] > realm = <the name of your AD domain> > security = ADS > ldap ssl = No > template shell = /bin/bash > winbind separator = + > idmap uid = 10000-20000 > idmap gid = 10000-20000 > > 3, Restart Samba daemons and join your server to the domain: > > net ads join -UAdministrator%password > > You should get a feedback after issuing this command, which tells you, that > your host has been successfully joined to the domain. > > 4, Enable your system to resolve user and group names using LDAP by editing > the following lines in /etc/nsswitch.conf: > > passwd: files ldap > shadow: files ldap > group: files ldap > > It's very important to have a properly configured DNS server on your > network and to ensure, that local name resolution works fine on your Samba > host. > > You may read more in chapter 7.3.4 of the Samba 3 By Example guide, which > is available at: http://us1.samba.org/samba/docs/man/Samba-Guide/ > > Best Regards: > Gergely Kiss > > -- moo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
