Hi,

An update on my work to integrate my Linux server (CentOS 4.3) in AD 2003. Sorry about the long post :)

Found this page (http://www.enterprisenetworkingplanet.com/netos/article.php/3487081) and followed the instructions on it.

First, I made sure that the Samba installation is supporting Kerberos, LDAP, AD and Winbind. That was OK. I made sure that /etc/hosts contains the name of the AD server (castor-srvr1). Then I edited /etc/krb5.conf to include the following:

    [libdefaults]
    default_realm = CASTORTECH.COM

    [realms]
    CASTORTECH.COM = {
    kdc = castor-srvr1.castortech.com
    }

    [domain_realm]
    .kerberos.server = CASTORTECH.COM

I got the default realm name when I ran ksetup on the AD server. I then tried to connect using

    kinit [EMAIL PROTECTED]

It asks for a password and it returns an error (krb_error 14 KDC has no support for encryption type). If I use another user (simon, my account with domain admin rights), it connects and creates a new ticket. To be sure, I tested with a user that doesn't exist and got a "krb_error 24 Pre-authentication information was invalid". Any idea why administrator won't connect?

I modified /etc/samba/smb.conf with the info in chapter 13 of the Samba book. The pre-Windows 2000 name of the domain is MONTREAL.

    [global]
    workgroup = MONTREAL
    realm = CASTORTECH.COM
    preferred master = no
    security = ADS
    template shell = /bin/bash
    idmap uid = 500-10000000
    idmap gid = 500-10000000
    winbind use default domain = yes
    winbind nested groups = yes
    encrypt passwords = yes
    log level = 3
    server string = Linux
    wins server = 192.168.64.20
    dns proxy = no
    password server = None
    username map = /etc/samba/smbusers

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes

    [root]
    path = /
    writeable = yes
    guest ok = yes

Password server was at none by default. Do I need to put the AD server there? Not sure if the workgroup needs to be the NetBIOS name of the domain (MONTREAL) or the AD server name. [root] is the share I created on my Linux box. Missing anything for that?

If I run testparm with that config:

    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[root]"
    Loaded services file OK.
    Server role: ROLE_DOMAIN_MEMBER

To join the domain, the site says to run net ads join -U Administrator. Of course, that didn't work (ads_connect: No such file or directory). I ran net ads join -U administrator --server=castor-srvr1. And got:

    [2006/04/18 13:52:13, 0] libads/ldap.c:ads_add_machine_acct(1368)
    ads_add_machine_acct: Host account for castor-srvr4 already exists - modifying old account
    Using short domain name -- MONTREAL
    Joined 'CASTOR-SRVR4' to realm 'CASTORTECH.COM'

If I open ADUC I can see the server under Computers. So far so good. I think.

Now I need to configure Winbind. I edited /etc/nsswitch.conf:

    passwd: files winbind
    shadow: files winbind
    group: files winbind
    hosts: files dns wins

Then I restarted the services. I ran a few wbinfo commands to test it.

    wbinfo -g
    BUILTIN\System Operators
    BUILTIN\Replicators
    BUILTIN\Guests
    BUILTIN\Power Users
    BUILTIN\Print Operators
    BUILTIN\Administrators
    BUILTIN\Account Operators
    BUILTIN\Backup Operators
    BUILTIN\Users

Looks like BUILTIN is on the Linux box instead of AD. But

    wbinfo --domain=MONTREAL -g
    Error looking up domain groups

Same thing with -u. I tried

    net ads info --server=castor-srvr1
    LDAP server: 192.168.64.20
    LDAP server name: castor-srvr1
    Realm: CASTORTECH.COM
    Bind Path: dc=CASTORTECH,dc=COM
    LDAP port: 389
    Server time: Tue, 18 Apr 2006 14:35:24 GMT
    KDC server: 192.168.64.20
    Server time offset: 187

    net ads testjoin --server=castor-srvr1
    Join is OK

So according to this, the Linux box is in the domain but there is a problem with Winbind. Or something. I can't access the Linux box from Windows. This is where I'm stuck and would appreciate some help.

Thanks!
Simon
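
An added example, not part of the original post: a small audit that parses an smb.conf and lists shares whose settings combine guest access with write access, as the [root] share quoted above does for path = /. The SMB_CONF sample is constructed from the settings in the post, and the function names are hypothetical.

```python
# Added example: flag smb.conf shares that allow both guest access and writes.
# SMB_CONF is a constructed sample based on the settings quoted in the post.
SMB_CONF = """
[global]
security = ADS
[homes]
writeable = yes
[root]
path = /
writeable = yes
guest ok = yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}
# Samba synonyms, with whitespace removed ("read only" is the inverse of these).
WRITE_KEYS = ("writeable", "writable", "writeok")
GUEST_KEYS = ("guestok", "public")

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, whitespace removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def guest_writable_shares(sections):
    """List (share, path) where guest access and writes are both enabled."""
    defaults = sections.get("global", {})
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        merged = {**defaults, **params}  # share settings override [global]
        writable = any(merged.get(k, "").lower() in TRUE for k in WRITE_KEYS)
        writable = writable or merged.get("readonly", "").lower() in FALSE
        guest = any(merged.get(k, "").lower() in TRUE for k in GUEST_KEYS)
        if writable and guest:
            findings.append((name, merged.get("path", "")))
    return findings

if __name__ == "__main__":
    for share, path in guest_writable_shares(parse_smb_conf(SMB_CONF)):
        print(f"share [{share}] path={path!r}: guest ok + writeable")
```

Whether guest sessions are actually accepted also depends on global settings such as `map to guest`, which this sketch does not evaluate.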