Differences between version 41 and predecessor to the previous major change of ActiveDirectorySamba.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 41 | Last edited on Sunday, May 29, 2005 2:38:57 pm | by JohnMcPherson | Revert |
Older page: | version 39 | Last edited on Friday, April 1, 2005 8:49:28 pm | by PvtJoker | Revert |
@@ -90,8 +90,14 @@
# Active directory joining
# "ads server" is only necessary if your kdc
# can't be located using /etc/krb5.conf -- JamesSpooner
+ #
+ # Note that more recent Samba versions have renamed "ads server"
+ # to "password server", so if /var/log/messages reports
+ # 'Unknown parameter encountered: "ads server"' on restart,
+ # change 'ads' to 'password' -- ChetHosey
+ #
# ads server = test1.thinclient.test.org
security = ads
# encrypt passwords = yes is now default in Samba3 -- Enigma
encrypt passwords = yes
@@ -121,15 +127,15 @@
This, and many other tools for managing Kerberos in Windows 2000, are located in the support tools which are directly downloadable from [Microsoft|http://www.microsoft.com/downloads/details.aspx?familyid=f08d28f3-b835-4847-b810-bb6539362473&displaylang=en]. Thanks to Jan Gerle for the tip.
We then transfer the mail.keytab securely to our samba machine by using something similar to SSH or another secure means. And then on the samba machine we will import the keyfile we just generated by using the ktutil program, which is part of the kerberos distribution. The unix commands for ktutil are as follows:
-<verbatim
>
+<pre
>
% __ktutil__
ktutil: __rkt mail.keytab__
ktutil: __list__
ktutil: __wkt /etc/krb5.keytab__
ktutil: __q__
-</verbatim
>
+</pre
>
See ActiveDirectoryKerberos on setting up Kerberos to talk to ActiveDirectory.
! (Re)starting Samba and Winbindd