Diff: ActiveDirectorySamba

Differences between version 3 and predecessor to the previous major change of ActiveDirectorySamba.

Newer page: version 3 Last edited on Monday, September 8, 2003 11:22:21 am by GerwinVanDeSteeg
Older page: version 1 Last edited on Sunday, September 7, 2003 11:10:28 pm by JamesSpooner
@@ -9,9 +9,9 @@
 The following steps are needed to get the system functioning: 
 # configure name resolution using either dns or a hosts file 
 # configure samba and winbindd 
 # configure kerberos 
-# testing the kerberos configuration  
+# testing Samba and [winbindd]  
 # good luck 
  
  
 ! Configure name resolution 
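Review bot: the changed step in the list replaces "testing the kerberos configuration" rather than adding to it, so the overview no longer has a Kerberos test even though the text added further down says the join only works if the Kerberos configuration actually works. Keep the original step, add "testing Samba and [winbindd]" as its own step after it, and add a step for the new "Configure PAM and Winbind" section so the list matches the headings.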
@@ -100,8 +100,72 @@
  
  net join -U Administrator%password 
  
 This will join the Samba machine to the ActiveDirectory Domain. 
+However this latter will only work if your Kerberos configuration actually works.  
+  
+! (Re)starting Samba and Winbindd  
+  
+First we test our samba configuration and our winbind settings, before we modify our samba startup script.  
+  
+ /etc/rc.d/init.d/samba restart  
+ /usr/sbin/winbindd  
+  
+For some of our paranoid friends, we can check to see if our winbindd is actually running using  
+ ps fax | grep winbindd  
+  
+Now for a real test, and see if we can get some information off our ActiveDirectory PDC.  
+  
+ /usr/bin/wbinfo -u  
+  
+And we should get a list of users in the format THINCLIENT+<username>  
+  
+ THINCLIENT+Administrator  
+ THINCLIENT+Guest  
+ ..  
+  
+And we can do the same for our list of groups.  
+  
+ /usr/bin/wbinfo -g  
+  
+ THINCLIENT+Domain Admins  
+ THINCLIENT+Domain Users  
+ THINCLIENT+Schema Admins  
+ ..  
+  
+We can now use the getent utility to get a unified list of both the local and PDC usersand groups. These utilities will generate a list of data similar in format to the /etc/passwd and /etc/group files respectively.  
+  
+ /usr/bin/getent passwd  
+ /usr/bin/getent group  
+  
+After this we can fix up our init.d startup scripts to automate the startup of winbindd.  
+  
+! Configure PAM and Winbind  
+  
+__Before we do anything at all here, we need to make a backup of our /etc/pam.d/* files. Ahd have a linux bootdisk available if possible. If anything goes wrong here, you may not be able to login to your system properly. (So don't reboot or logoff to test, but use a text console)__  
+  
+To have our ActiveDirectory users be able to login to our we have to modify our /etc/pam.d/login.  
+We don't need to modify our /etc/pam.d/samba settings as it is already configured for winbind.  
+  
+''/etc/pam.d/login''  
+  
+ #%PAM-1.0  
+ auth required pam_securetty.so  
+ auth sufficient pam_winbind.so  
+ auth sufficient pam_unix.so use_first_pass  
+ auth required pam_stack.so service=system-auth  
+ auth required pam_nologin.so  
+ account sufficient pam_winbind.so  
+ account required pam_stack.so service=system-auth  
+ password required pam_stack.so service=system-auth  
+ session required pam_stack.so service=system-auth  
+ session optional pam_console.so  
+  
+After we save this file, we should now be able to login to our linux machine with the username THINCLIENT+Administrator, and get ourself a login prompt. Now the system may complain if you do not have the specified home directory created (in this case /home/THINCLIENT/Administrator)  
+  
+! Have fun  
+  
+And congrats it works, if you want to configure further items such as mail and other things you may need to modify the apropriate PAM modules, and isn't covered here.  
  
  
 ! References
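Review bot: in the added /etc/pam.d/login, "auth required pam_nologin.so" and "auth required pam_stack.so service=system-auth" sit below the two "sufficient" lines, so they are never evaluated for a user who authenticates through pam_winbind.so or pam_unix.so; a successful "sufficient" module ends the stack at that point. Move pam_nologin.so up next to pam_securetty.so, above "auth sufficient pam_winbind.so", so /etc/nologin applies to domain accounts as well. The same holds for "account sufficient pam_winbind.so", which skips the system-auth account checks for domain users; say in the text whether that is intended. Smaller points in the added prose: "ps fax | grep winbindd" also matches the grep process itself, "login to our we have to modify" is missing a word, and "usersand", "Ahd" and "apropriate" are typos.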