Penguin
Recent Changes
Diff: ActiveDirectorySamba
EditPageHistoryDiffInfoLikePages

Differences between version 22 and predecessor to the previous major change of ActiveDirectorySamba.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 22 Last edited on Thursday, June 17, 2004 10:53:13 am by GreigMcGill Revert
Older page: version 20 Last edited on Wednesday, June 2, 2004 8:33:29 am by DougGoldstein Revert
@@ -1,5 +1,5 @@
-This simple guide is a mostly accurate way to set up a Samba machine as a domain member in a Windows 2000 or Windows 2003 Active Directory domain. 
+This simple guide is a mostly accurate way to set up a Samba machine as a domain member in a Windows 2000 or Windows 2003 Active Directory domain. For a REALLY short version, tested with Win2k3, see SambaADQuickNDirty
  
 The following setup is used: 
  192.168.0.1 test1.thinclient.test.org (the AD server, hereafter known as the server) 
  192.168.0.209 mail.thinclient.test.org (samba3 machine) 
@@ -64,11 +64,11 @@
  workgroup = THINCLIENT 
  netbios name = MAIL 
  
  # winbindd configuration 
- winbind separator = +  
- idmap uid = 10000-20000  
- idmap gid = 10000-20000 
+ winbind separator = + ''The default character is \ which is good if you use mod_ntlm since that's it's character, users only have to remember 1 syntax''  
+ idmap uid = 10000-20000 ''alias of winbind uid''  
+ idmap gid = 10000-20000 ''alias of winbind gid''  
  winbind enum users = yes 
  winbind enum groups = yes 
  template homedir = /home/%D/%U 
  template shell = /bin/bash 
@@ -83,8 +83,10 @@
  
 NB: The important things to pay attention to here are the name of our samba machine (netbios name), the workgroup, and the ActiveDirectory stuff. 
  
 ! Configure Kerberos5 
+  
+''Configuring your kerberos setup is much easier in the long run then generating the key and importing it''  
  
 See ActiveDirectoryKerberos on setting up Kerberos to talk to ActiveDirectory. 
  
 ''If your kerberos setup is good, at this point, you might just want to run'' __net ads join -U Administrator%password__ ''which should do all that _ktpass_ and _ktutil_ stuff on the fly as mentioned in [http://us1.samba.org/samba/docs/man/domain-member.html#ads-member] . Then you can skip to the winbind section below ;-)'' -- EnigMa 
@@ -106,9 +108,9 @@
  ktutil: __q__ 
  
 Alternatively ... as root: 
  
- net join -U Administrator%password 
+ net join -U Administrator%password ''Don't specify %password and it will prompt you on the command line, for the security minded''  
  
 This will join the Samba machine to the Active Directory Domain. 
 However this latter will only work if your Kerberos configuration actually works.