This configuration is used for MS to Linux sharing (for Linux to Linux file sharing see File Share)


Pre-Configuration

Verify and ensure connectivity to your DC

vi /etc/hosts
vi /etc/resolv.conf

Also check that ntpd is installed and running: Kerberos rejects tickets when the clock skew between this host and the DC exceeds the default five minutes.

Auth Order

vi /etc/nsswitch.conf
passwd:     files winbind
shadow:     files winbind
group:      files winbind

hosts:      files dns winbind

Samba

vi /etc/samba/smb.conf

[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = INISEC
   netbios name = myth
# server string is the equivalent of the NT Description field
   server string = "MythTv File Server"
# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
# ads is required here so that Samba authenticates against the domain with Kerberos.
   security = ads
   password server =
   encrypt passwords = yes
# password level tries case permutations of the password; it is obsolete on
# current Samba releases and should be left at 0 or removed on new installs.
   password level = 20
   realm = INISEC.COM
# with "use default domain = false" domain users appear as INISEC+username
   winbind use default domain = false
   winbind separator = +
# the idmap range must not overlap UIDs/GIDs already present in /etc/passwd and /etc/group
# (newer Samba releases spell this "idmap config * : range = 10000-20000")
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /home/%D/%U
   template shell = /bin/bash
   wins server =

Kerberos

 vi /etc/krb5.conf

[libdefaults]
 default_realm = INISEC.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 INISEC.COM = {
  kdc = INIDC01
  admin_server =
  default_domain = INISEC.COM
 }

[domain_realm]
 .inisec.com = INISEC.COM
 inisec.com = INISEC.COM

Test and Join Domain

Run the following from the Linux console:

net rpc join -U administrator
net ads join -U administrator

Each command should report that the machine has joined the domain.

Start services

service smb restart
service winbind restart

Start on bootup (Red Hat based)

chkconfig smb on
chkconfig winbind on

Windows Server

Check "Active Directory Users and Computers" on your domain controller to confirm that a computer account now exists for your Linux machine.

In "Active Directory Users and Computers" create a group called "LINUX"; members of this group will be granted access to the shares.

Other Windows Notes

The share name is the name in the [ ] in the smb.conf file.

If you are not logged in to your Windows box as a domain user, you need to pass credentials in the domain\username format, not as user@domain.

Simple Tests

Show Users

wbinfo -u

Show Groups

wbinfo -g 

Debug / Troubleshooting

WinBind Debug:

winbindd -d3 -i

Review files


Attachments/Sample Files

Copy of smb.conf file (.txt)

Copy of krb5.conf file (.txt)

Copy of nsswitch.conf file (.txt)
