James and others: I have attached my HOWTO (in plaintext) to this e-mail. I have also included my smb.conf file.
Keep in mind that this all refers to *my* network, so you'll need to substitute things for your setup. One other thing that should be mentioned - this smb.conf file is from my test machine that is going in as a "router". This means it has two NICs in it. I have bound Samba to the internal interface and Loopback interface to make it work. General "if it breaks, it ain't my fault" rules apply :-) I truly hope this helps someone. Kevin > -----Original Message----- > From: James Lamanna [mailto:jamesl@;appliedminds.net] > Sent: Thursday, November 07, 2002 2:31 PM > To: 'Collins, Kevin' > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was sercurity = user) > > > Sure, that would be great. > > Thanks a lot. > --James > > -----Original Message----- > From: Collins, Kevin [mailto:KCollins@;nesbittengineering.com] > Sent: Thursday, November 07, 2002 11:25 AM > To: 'James Lamanna'; [EMAIL PROTECTED] > Subject: RE: [Samba] Problems authentication with NT PDCs in > security = > server (was sercurity = user) > > > James: > > I use Winnind to authenticate users from the Windows PDC - I have no > UNIX users. > > Have you looked at this? I've got an informal HOWTO if you'd like it. > > Thanks, > > Kevin L. Collins, MCSE > Systems Manager > Nesbitt Engineering, Inc. > > > > -----Original Message----- > > From: James Lamanna [mailto:jamesl@;appliedminds.net] > > Sent: Thursday, November 07, 2002 2:16 PM > > To: [EMAIL PROTECTED] > > Subject: [Samba] Problems authentication with NT PDCs in security = > > server (was sercurity = user) > > > > > > I wanted to avoid having to create a machine account on the PDC and > > having UNIX accounts for everyone. > > > > > > > Try: > > > > > security = domain > > > password server = network name of dc > > > encrypt passwords = yes > > > workgroup = domainname > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > >
smb.conf
Description: Binary data
Samba Server HOWTO – Samba and Winbind Install Red Hat Linux 7.3 – Vanilla Server with Windows Server packages. This installs Samba 2.2.5a. Download Samba 2.2.6 – latest version at this time. I got both the Red Hat RPM and the Source as well. 1). Compile the Source code for Samba 2.2.6 Untar and un-gzip the source file into the /usr/src/samba 2.2.6 directory. #cd /usr/src #tar –zxvf <path to/samba *.gz filename> #cd /usr/src/samba 2.2.6/source directory #make clean – fails because Samba’s never been compiled before. #rm config.cache – fails because Samba’s never been compiled before. #./configure --with-winbind – This is the difference between the standard Red Hat RPM and the way things need to be. This creates the WINBIND libraries used below. #make – compiles the code. 2). At this point I removed the existing Samba 2.2.5a setup and installed the new Samba 2.2.6 with the commands: # rpm -e samba # rpm -e samba-client # rpm -e samba-swat <-- This didn’t exist by default. # rpm -e samba-common # cd /<to where the binary RPM is stored> # rpm -ivh <samba RPM filename> 3). Copy the WINBIND libraries to the proper place so the WINDBINDD daemon can access them when needed. # cd /usr/src/samba 2.2.6/source/nsswitch # cp libnss_winbind.so /lib # ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 4). Edit the /etc/nsswitch.conf file to utilize WINBIND # cd /etc # pico nsswitch.conf Look for a lines reading “passwd” and “group” and include “winbind” in the list of authenticators. ** Reboot the machine for these changes to take effect. ** 5). Configure the smb.conf file in the /etc/samba folder. Be sure to have these lines: winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U These settings allow WINBIND to function properly. Be sure to run testparm after the changes are made. 6). Join the Samba server to the domain – with the following command # smbpasswd -j DOMAINNAME -r PDCNAME -U ADMINUSERNAME If this is successful it will return “Joined domain: DOMAINNAME” 7). Modify the smb startup file # cd /etc/init.d # pico smb <-- This starts a console based test editor Make the following changes Add daemon /usr/sbin/winbindd –s /etc/samba/smb.conf under the line that reads daemon nmbd –D in the “start” section. Add killproc winbindd after the line killproc nmbd in the “stop” section. These changes allow the WINBIND daemon to start and stop when the Samba service does. 8). Start Samba # service smb start If things went well, you should see and [ OK ] proclaiming the services started. To test this you can run these commands: # ps -ax | grep mbd <-- should return both smbd and nmbd as running # ps -ax | grep winbindd <-- should return both winbindd as running At this point the server should be running. A couple of final tests: # gentnt passwd <-- should see domain users in the list in the form DOMAIN+User # getent group <-- should see domain groups in the list in the form DOMAIN+Group 9). Final settings: Making sure the setup survives a reboot. # chkconfig smb –level 35 on This should make Samba start during boot up on run levels 3 and 5 (console and GUI) If you reboot the system now, and run the previous tests, the daemons should still be running. One other note – all of the above procedures need to be run with “root” access to the machine.
smime.p7s
Description: application/pkcs7-signature