Re: [Samba] security = ADS - IT WORKS!!!!!!!!!
Sorry about that last email that did not contain the resource I used. I think it was because I copied the contents of a website which could have been considered advertisement because of some of the images. In either case enjoy:

http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory

----- Original Message -----
From: Rashaad S. Hyndman [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]; Tom Skeren [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 2:18 PM
Subject: Re: [Samba] security = ADS - IT WORKS!

Halleluiah! It works. With all the documentation I've read, including the official samba-3 howto for setting up ADS, none of them mentioned what happened to be the most critical piece of information, winbind! Now I've seen a couple of posts that mentioned this daemon but it was not included in the official howto's so I skipped over it. In either case I've included the article that I used to get my samba ADS implementation working. If you have followed other howto's you have probably got 99% of the work done. If you happen to have more questions please feel free to email me and I'll dictate exactly what I have in my environment.

Thanks for your input,
R.

Howto Samba 3 And Active Directory

Google users: We have detected that you were searching for howto samba ads. The Waikato Linux Users Group hope that this page answers your questions, but, if it doesn't, we politely request that if/when you find the answer to your question you contribute your information back into this Wiki (via the Edit button at the bottom of the page) so that others can also find this information easier. We also suggest that if this page doesn't answer your question, try Searching the wiki, or, to find pages similar to this one, try or .

What's this? It's a near-copy of ActiveDirectorySamba, but not linked from anywhere and with a lot of stuff deleted? Please don't DisagreeByDeleting. Can someone who has Samba3 experience shed light on the changes between this page and the other?
-- AristotlePagaltzis

ActiveDirectorySamba is a correct howto for setting up Samba 3 with ActiveDirectory. So it's basically a copy paste from there to here and delete the other.
-- GerwinVanDeSteeg

----

This simple guide is a mostly accurate way to set up a Samba machine as a DomainMember in a Windows 2000 or Windows 2003 ActiveDirectory Domain.

The following setup is used:

  192.168.0.1    test1.thinclient.test.org (the AD server, hereafter known as the server)
  192.168.0.209  mail.thinclient.test.org (samba3 machine)

The Samba system is based upon a stock standard RedHat 9 system with the samba software upgraded to Samba3 (using RPM).

The following steps are needed to get the system functioning:

  1. configure name resolution using either dns or a hosts file
  2. configure samba and winbindd
  3. configure kerberos
  4. testing the kerberos configuration
  5. good luck

Configure name resolution

ActiveDirectory relies HEAVILY on DNS to resolve not only host names but services they provide as well. To set up DNS on the linux box, see the DNSHowTo, otherwise consult necessary Windows documentation on setting up forward AND reverse DNS zones. As a temporary solution, you can use hosts based authentication, this is ugly and hacky, and should be avoided at all costs.
-- JamesSpooner

The first step is to configure name resolution for our systems. The kerberos authentication system, which we will configure later on, requires us to be able to do a reverse lookup on an IP address to get a fully qualified domain name (FQDN).

There are two ways to do this, the cheap and nasty method is to use a hosts file on both systems, which will have entries similar to the following.

Samba machine /etc/hosts

  127.0.0.1      mail mail.thinclient.test.org localhost.localdomain localhost
  192.168.0.1    test1 test1.thinclient.test.org
  192.168.0.209  mail mail.thinclient.test.org

Surely it would be better to put the FQDN first, and not alias localhost to a name other than localhost?
-- PerryLorier

Windows Active Directory server %Systemroot%\System32\drivers\etc\hosts[1]

  127.0.0.1      test1 test1.thinclient.test.org localhost.localdomain localhost
  192.168.0.1    test1 test1.thinclient.test.org
  192.168.0.209  mail mail.thinclient.test.org

The correct method is to set up DNS on the server, which can be done through the DNS console in the AdministrativeTools section of Windows 2000/2003 Server. We won't go into the details of setting this up here, but we will specify the linux side of that here.

/etc/resolv.conf

  search thinclient.test.org
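The howto quoted above says Kerberos needs a reverse lookup to return the FQDN, and PerryLorier's comment asks for the FQDN first with localhost left alone; with a hosts file, the first name on a line is the canonical one. The following is an added example, not part of the thread or the wiki page: a Python check of hosts-file text for those properties. The function names and both sample files are constructed here as assumptions.

```python
import ipaddress

# Constructed samples: the Samba-machine entries as quoted above (short name
# and FQDN assumed to be separate fields), then a reordered version.
AS_POSTED = """\
127.0.0.1 mail mail.thinclient.test.org localhost.localdomain localhost
192.168.0.1 test1 test1.thinclient.test.org
192.168.0.209 mail mail.thinclient.test.org
"""
REORDERED = """\
127.0.0.1 localhost.localdomain localhost
192.168.0.1 test1.thinclient.test.org test1
192.168.0.209 mail.thinclient.test.org mail
"""
REQUIRED = {"test1.thinclient.test.org": "192.168.0.1",
            "mail.thinclient.test.org": "192.168.0.209"}

def parse_hosts(text):
    """Return [(ip, [names])] from hosts-file text; comments and junk skipped."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if len(fields) < 2:
            continue
        try:
            entries.append((ipaddress.ip_address(fields[0]), fields[1:]))
        except ValueError:
            continue  # first field is not an IP address
    return entries

def lint_hosts(text, required):
    """required maps FQDN -> expected IP; returns a list of findings."""
    entries, findings = parse_hosts(text), []
    for fqdn, want in required.items():
        want = ipaddress.ip_address(want)
        # Forward lookup: the first line listing the name wins.
        fwd = next((ip for ip, names in entries if fqdn in names), None)
        if fwd != want:
            findings.append(f"{fqdn}: resolves to {fwd}, expected {want}")
        # Reverse lookup: the first name on the IP's line is the canonical one.
        rev = next((names[0] for ip, names in entries if ip == want), None)
        if rev != fqdn:
            findings.append(f"{want}: reverse lookup gives {rev}, not {fqdn}")
    for ip, names in entries:
        extra = [n for n in names if not n.startswith("localhost")]
        if ip.is_loopback and extra:
            findings.append(f"{ip}: loopback also named {', '.join(extra)}")
    return findings

if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, lint_hosts(text, REQUIRED) or "OK")
```
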
Re: [Samba] security = ADS - IT WORKS!!!!!!!!!
Rashaad,

While all this is fresh in your mind, and you are still an expert, would you please send me patches for the Samba-HOWTO-Collection and for Samba-Guide so that we can update the documentation. By fixing the documentation others may avoid the pain you went through.

- John T.

On Friday 23 July 2004 12:40, Rashaad S. Hyndman wrote:

Sorry about that last email that did not contain the resource I used. I think it was because I copied the contents of a website which could have been considered advertisement because of some of the images. In either case enjoy:

http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory

----- Original Message -----
From: Rashaad S. Hyndman [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]; Tom Skeren [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 2:18 PM
Subject: Re: [Samba] security = ADS - IT WORKS!

Halleluiah! It works. With all the documentation I've read, including the official samba-3 howto for setting up ADS, none of them mentioned what happened to be the most critical piece of information, winbind! Now I've seen a couple of posts that mentioned this daemon but it was not included in the official howto's so I skipped over it. In either case I've included the article that I used to get my samba ADS implementation working. If you have followed other howto's you have probably got 99% of the work done. If you happen to have more questions please feel free to email me and I'll dictate exactly what I have in my environment.

Thanks for your input,
R.

Howto Samba 3 And Active Directory

Google users: We have detected that you were searching for howto samba ads. The Waikato Linux Users Group hope that this page answers your questions, but, if it doesn't, we politely request that if/when you find the answer to your question you contribute your information back into this Wiki (via the Edit button at the bottom of the page) so that others can also find this information easier.
Re: [Samba] security = ADS - IT WORKS!!!!!!!!!
For sure. I'll do that on the weekend!

----- Original Message -----
From: John H Terpstra [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 3:05 PM
Subject: Re: [Samba] security = ADS - IT WORKS!

Rashaad,

While all this is fresh in your mind, and you are still an expert, would you please send me patches for the Samba-HOWTO-Collection and for Samba-Guide so that we can update the documentation. By fixing the documentation others may avoid the pain you went through.

- John T.

On Friday 23 July 2004 12:40, Rashaad S. Hyndman wrote:

Sorry about that last email that did not contain the resource I used. I think it was because I copied the contents of a website which could have been considered advertisement because of some of the images. In either case enjoy:

http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory

----- Original Message -----
From: Rashaad S. Hyndman [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]; Tom Skeren [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 2:18 PM
Subject: Re: [Samba] security = ADS - IT WORKS!

Halleluiah! It works. With all the documentation I've read, including the official samba-3 howto for setting up ADS, none of them mentioned what happened to be the most critical piece of information, winbind! Now I've seen a couple of posts that mentioned this daemon but it was not included in the official howto's so I skipped over it. In either case I've included the article that I used to get my samba ADS implementation working. If you have followed other howto's you have probably got 99% of the work done. If you happen to have more questions please feel free to email me and I'll dictate exactly what I have in my environment.

Thanks for your input,
R.

Howto Samba 3 And Active Directory

Google users: We have detected that you were searching for howto samba ads.