Samba HowTo Guide

Default Winbind TDB

Two common configurations are used:

  • Networks that have an NT4 PDC (with or without BDCs) or a Samba PDC (with or without BDCs).

  • Networks that use MS Windows 200x ADS.

NT4-Style Domains (Includes Samba Domains)

Example 13.1, NT4 Domain Member Server smb.conf, is a simple example of an NT4 DMS smb.conf file that shows only the global section.

Example 13.1. NT4 Domain Member Server smb.conf

# Global parameters
[global]
workgroup = MEGANET2
security = DOMAIN
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = "Domain Users"
template shell = /bin/bash

The use of winbind requires configuration of NSS. Edit /etc/nsswitch.conf so that it includes the following entries:

...
passwd: files winbind
shadow: files winbind
group:  files winbind
...
hosts:  files [dns] wins
...

The brackets around dns mark it as optional and are not typed into the file: include dns in the hosts entry only if DNS is used on site.

The creation of the DMS requires the following steps:

  1. Create or install an smb.conf file with the above configuration.

  2. Execute:

    root#  net rpc join -UAdministrator%password
    Joined domain MEGANET2.
    

    The success of the join can be confirmed with the following command:

    root#  net rpc testjoin
    Join to 'MIDEARTH' is OK
    

    A failed join would report an error message like the following:

    root#  net rpc testjoin
    [2004/11/05 16:34:12, 0] utils/net_rpc_join.c:net_rpc_join_ok(66)
    Join to domain 'MEGANET2' is not valid
    

  3. Start the nmbd, winbind, and smbd daemons in the order shown.

ADS Domains

The procedure for joining an ADS domain is similar to the NT4 domain join, except that the smb.conf file will have the contents shown in Example 13.2, ADS Domain Member Server smb.conf.

Example 13.2. ADS Domain Member Server smb.conf

# Global parameters
[global]
workgroup = BUTTERNET
netbios name = GARGOYLE
realm = BUTTERNET.BIZ
security = ADS
template shell = /bin/bash
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind use default domain = Yes
winbind nested groups = Yes
printer admin = "BUTTERNET\Domain Admins"

ADS DMS operation requires the use of Kerberos (KRB). For this to work, krb5.conf must be configured. The exact requirements depend on which version of MIT or Heimdal Kerberos is being used. It is sound advice to use only the latest versions, which at this time are MIT Kerberos version 1.3.5 and Heimdal 0.61.

The creation of the DMS requires the following steps:

  1. Create or install an smb.conf file with the above configuration.

  2. Edit the /etc/nsswitch.conf file as shown above.

  3. Execute:

    root#  net ads join -UAdministrator%password
    Joined domain BUTTERNET.
    

    The success or failure of the join can be confirmed with the following command:

    root#  net ads testjoin
    Using short domain name -- BUTTERNET
    Joined 'GARGOYLE' to realm 'BUTTERNET.BIZ'
    

    An invalid or failed join can be detected by executing:

    root#  net ads testjoin
    GARGOYLE$@'s password:
    [2004/11/05 16:53:03, 0] utils/net_ads.c:ads_startup(186)
      ads_connect: No results returned
    Join to domain is not valid
    

    The specific error message may differ from the above because it depends on the type of failure that may have occurred. Increase the log level to 10, repeat the test, and then examine the log files produced to identify the nature of the failure.

  4. Start the nmbd, winbind, and smbd daemons in the order shown.
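
Added example (not from the Samba HowTo): shell functions that check the two files both procedures edit, confirming that /etc/nsswitch.conf lists winbind for passwd and group and that no local account has a UID inside the smb.conf idmap uid range, which smb.conf(5) says should contain no existing local users. The function names, the account alice and the file contents written by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Samba HowTo; function names are hypothetical.

# nss_uses_winbind NSSWITCH DB: succeeds if the DB entry lists winbind.
nss_uses_winbind() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit !ok }' "$1"
}

# idmap_range SMBCONF KEY: prints "LOW HIGH" for "idmap uid" or "idmap gid".
idmap_range() {
    awk -F= -v key="$2" '
        { k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); split(v, r, "-"); print r[1], r[2] }' "$1"
}

# ids_in_range FILE LOW HIGH: prints "name:id" for passwd/group entries in range.
ids_in_range() {
    awk -F: -v lo="$2" -v hi="$3" '
        $3 ~ /^[0-9]+$/ && $3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }' "$1"
}

# check_member_server SMBCONF NSSWITCH PASSWD: prints findings; returns 1 if any.
check_member_server() {
    rc=0
    for db in passwd group; do
        nss_uses_winbind "$2" "$db" || { echo "nsswitch: $db lacks winbind"; rc=1; }
    done
    range=$(idmap_range "$1" "idmap uid")
    if [ -z "$range" ]; then
        echo "smb.conf: no idmap uid range found"; rc=1
    else
        hits=$(ids_in_range "$3" "${range% *}" "${range#* }" | tr '\n' ' ')
        [ -z "$hits" ] || { echo "local UIDs inside idmap uid range: $hits"; rc=1; }
    fi
    return "$rc"
}

# demo: constructed files pairing the ADS example's range with a local UID 1000.
demo() {
    d=$(mktemp -d)
    printf '[global]\nidmap uid = 500-10000000\n' > "$d/smb.conf"
    printf 'passwd: files winbind\ngroup: files\n' > "$d/nsswitch.conf"
    printf 'root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n' > "$d/passwd"
    st=0; check_member_server "$d/smb.conf" "$d/nsswitch.conf" "$d/passwd" || st=1
    rm -rf "$d"; return "$st"
}
```

Source the file and run demo to see both findings, or call check_member_server with the paths of the real smb.conf, nsswitch.conf and passwd files before starting the daemons.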

Published under the terms of the GNU General Public License