Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
Hi, It has been a while since I have looked at any of this. However, I do know you don't want to run a kdc on your FreeBSD server. Windows is the KDC. You do need to tell FreeBSD what realm you are in , and what the Windows ADS servers are: You might wish to try the following in your /etc/krb5.conf file: # /etc/krb5.conf [libdefaults] default_realm= EXAMPLE.COM forwardable = true default_tgs_enctypes = rc4-hmac des-cbc-crc default_tkt_enctypes = rc4-hmac des-cbc-crc [appdefaults] default_realm = EXAMPLE.COM pam = { forwardable = true krb4_convert = false debug= false } [realms] EXAMPLE.COM = { kdc = ads1.example.com:88 kdc = ads2.example.com:88 admin_server = ads1.example.com:749 kpasswd_server = ads1.example.com:464 kpasswd_protocol = SET_CHANGE default_domain = example.com } [domain_realm] example.com = EXAMPLE.COM .example.com = EXAMPLE.COM [logging] default = FILE:/var/log/krb5lib.log Also, you might want to try this link: http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html Eddie Alberto Moreno wrote: 2006/10/27, Guillermo Gutierrez [EMAIL PROTECTED]: Thank you for your response. I have not been successful in trying to do this. I have found a how-to doing this with winbind and ldap ut coud not get them to work. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Alberto Moreno Sent: Thursday, October 26, 2006 11:51 PM To: samba@lists.samba.org Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS 2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]: Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21cso that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba HI Guillermo, im working on this, but i see that this post is from march, just want to know if you succed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow i will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the optios there? # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options i need for this job..? Im really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 I read some docs about the same situation with winbind+ldap but went i try, no success, but let me try with Kerberos and see what happend, i will inform here in the list, see you man. LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
2006/10/31, Edward Irvine at home [EMAIL PROTECTED]: Hi, It has been a while since I have looked at any of this. However, I do know you don't want to run a kdc on your FreeBSD server. Windows is the KDC. You do need to tell FreeBSD what realm you are in , and what the Windows ADS servers are: You might wish to try the following in your /etc/krb5.conf file: # /etc/krb5.conf [libdefaults] default_realm= EXAMPLE.COM forwardable = true default_tgs_enctypes = rc4-hmac des-cbc-crc default_tkt_enctypes = rc4-hmac des-cbc-crc [appdefaults] default_realm = EXAMPLE.COM pam = { forwardable = true krb4_convert = false debug= false } [realms] EXAMPLE.COM = { kdc = ads1.example.com:88 kdc = ads2.example.com:88 admin_server = ads1.example.com:749 kpasswd_server = ads1.example.com:464 kpasswd_protocol = SET_CHANGE default_domain = example.com } [domain_realm] example.com = EXAMPLE.COM .example.com = EXAMPLE.COM [logging] default = FILE:/var/log/krb5lib.log Also, you might want to try this link: http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html Eddie Alberto Moreno wrote: 2006/10/27, Guillermo Gutierrez [EMAIL PROTECTED]: Thank you for your response. I have not been successful in trying to do this. I have found a how-to doing this with winbind and ldap ut coud not get them to work. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Alberto Moreno Sent: Thursday, October 26, 2006 11:51 PM To: samba@lists.samba.org Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS 2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]: Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21cso that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba HI Guillermo, im working on this, but i see that this post is from march, just want to know if you succed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow i will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the optios there? # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options i need for this job..? Im really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 I read some docs about the same situation with winbind+ldap but went i try, no success, but let me try with Kerberos and see what happend, i will inform here in the list, see you man. LIving the dream... Thanks for that link i will try and let you know guys, right im setting the ntp server on my lan to syc clocks between clients servers. See you soon. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]: Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21cso that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba HI Guillermo, im working on this, but i see that this post is from march, just want to know if you succed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow i will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the optios there? # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options i need for this job..? Im really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
2006/10/27, Guillermo Gutierrez [EMAIL PROTECTED]: Thank you for your response. I have not been successful in trying to do this. I have found a how-to doing this with winbind and ldap ut coud not get them to work. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Alberto Moreno Sent: Thursday, October 26, 2006 11:51 PM To: samba@lists.samba.org Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS 2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]: Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21cso that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba HI Guillermo, im working on this, but i see that this post is from march, just want to know if you succed with this? Did have some tips about this situation? Is your system stable? May you show me your settings? I already installed samba on freebsd 6-1 from ports with ADS support, tomorrow i will try to add that machine to win2k3 AD domain, but my doubt is with the kerberos version that has freebsd by default, can we use that one..? We can enable krb5 from rc.conf, but we need all the optios there? # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO). kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC kerberos5_server_flags= # Additional flags to the kerberos 5 server kadmind5_server_enable=NO # Run kadmind (or NO) kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon kpasswdd_server_enable=NO # Run kpasswdd (or NO) kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon Which options i need for this job..? Im really starting working with samba, but the kerberos stuff is some confused, thanks for your time!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006 I read some docs about the same situation with winbind+ldap but went i try, no success, but let me try with Kerberos and see what happend, i will inform here in the list, see you man. LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Adding FreeBSD Samba Server to windows 2003 ADS
Hi, I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it. The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21c so that I can use the latest version. thanks, Guillermo Gutierrez Development Systems Engineer Market Scan Information Systems Inc. (818) 575-2000 x2427 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba