Using Samba On Debian Linux

This document provides instructions for configuring Samba on Debian Linux to authenticate against a Windows Active Directory server. It describes installing Samba from the apt package or by compiling from source. It also covers configuring Kerberos authentication with AD and joining the Linux system to the AD domain. DNS and NTP are configured to allow communication with the Windows domain controller.

Uploaded by

Márcio O Borges

08/04/2015

Debian Administration
https://www.debianadministration.org/article/340/Using_Samba_on_Debian_Linux

Posted by ltackmann on Thu 26 Jan 2006 at 10:29
Tags: active directory, filesystems, howto, kerberos, network, samba
This article will show you how to install Samba 3.X on Debian Linux 3.1 (Sarge) and make it authenticate against a Windows server running Active Directory. It is not intended to replace the official Samba 3 manual, which is quite a good read anyway.

Core software
I will show two ways of installing Samba: using apt, or directly from source. In either case, make sure apt's package index files are synchronized:
apt-get update
apt-get upgrade

To install from apt, run:
apt-get install samba smbclient winbind krb5-doc krb5-user \
    krb5-config

To compile Samba yourself, you need to have MIT Kerberos and OpenLDAP installed:
apt-get install libkrb53 libcupsys2-gnutls10 libldap2 \
    libldap2-dev libkrb5-dev krb5-doc krb5-user \
    krb5-config

Then grab the latest version of the Samba source (for this article we will use samba-3.0.9.tar.gz), and do:
tar zxvf samba-3.0.9.tar.gz -C /tmp/
cd /tmp/samba-3.0.9/source
./configure \
    --prefix=/usr \
    --localstatedir=/var \
    --with-configdir=/etc/samba \
    --with-privatedir=/etc/samba \
    --with-fhs \
    --with-quotas \
    --with-smbmount \
    --with-pam \
    --with-pam_smbpass \
    --with-syslog \
    --with-utmp \
    --with-sambabook=/usr/share/swat/using_samba \
    --with-swatdir=/usr/share/swat \
    --with-shared-modules=idmap_rid \
    --with-libsmbclient \
    --with-automount \
    --with-msdfs \
    --with-ads \
    --with-winbind \
    --with-winbind-auth-challenge \
    --with-manpages-langs=en \
    --with-idmap \
    --with-acl-support \
    --with-ldap
make
make install

Windows server setup
Install a Windows server and make it act as a domain controller (see this guide for pointers on setting up a domain controller). I will use the following server setup:
Domain administrator account on Windows server: administrator
Domain name: testdomain
Fully qualified domain name: testdomain.local
Hostname of Windows domain controller: win2003test
IP address of Windows domain controller: 192.168.1.101
You should familiarise yourself with what these correspond to in your local domain before continuing with this guide.

Network setup
We need to make sure that DNS is working properly on the server running Samba. This is done by making the Windows domain controller the default DNS server. To do this, I replace my DNS configuration in /etc/resolv.conf with the following:
search testdomain.local
nameserver 192.168.1.101

If you have more than one DNS server in your domain, add them here as well. Test DNS using:
nslookup win2003test
> Server: 192.168.1.101
> Address: 192.168.1.101
> Name: win2003test.testdomain.local
> Address: 192.168.1.101

Test reverse lookup using:
host 192.168.1.101
> 101.1.168.192.in-addr.arpa domain name pointer
> win2003test.testdomain.local.

If either of these two tests fails, go through your network setup and this section again. Your DNS must be correctly configured in order to run Samba successfully with Active Directory.

Kerberos setup
We will have to configure Kerberos (you could avoid this by setting the password server in /etc/samba/smb.conf to the PDC emulator, but then you would be talking old-school NTLM with the domain controller). To get real AD working, add the following lines to /etc/krb5.conf:
[realms]
TESTDOMAIN.LOCAL = {
    kdc = win2003test.testdomain.local
    admin_server = win2003test.testdomain.local
}

Then do:
kinit administrator@TESTDOMAIN.LOCAL

The syntax is kinit user@REALM, where REALM is your Active Directory domain name and must be all uppercase. If you do not use all uppercase for the realm, you'll receive either this error: "kinit(v5): Cannot find KDC for requested realm while getting initial credentials" or this error: "kinit(v5): KDC reply did not match expectations while getting initial credentials". You can test your Kerberos setup by issuing:
klist

If it reports that you have no keys in the cache, then something is wrong. In the event that you receive "kinit(v5): Clock skew too great while getting initial credentials", make sure that the clocks of your Windows server and your Linux server are synchronised to within five minutes. If the time is off by more than that, the two servers will be unable to send ticket information to each other.

Optional: Use an NTP server
One way to solve the clock synchronisation problem is to use a time server (you might even want to use your Active Directory server(s)). Using an NTP server is optional and not strictly required in order to run Samba in an AD, but here is how it is done anyway. First install the required NTP packages:
apt-get install ntpdate

Then add your favorite time server(s) to /etc/ntp.conf, and execute:
/etc/init.d/ntpdate restart

Samba setup
To connect to your domain, create /etc/samba/smb.conf and add:
[global]
security = ads
password server = win2003test
encrypt passwords = yes
workgroup = testdomain
realm = TESTDOMAIN.LOCAL
netbios name = temporay
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes

In workgroup insert the domain name; realm should be set to the fully qualified domain name (uppercase). Insert the name of the Windows server to authenticate against in the password server field. We are now ready to start the needed services:
smbd
nmbd

To join the domain in the default organisational unit, do:
net ads join -W testdomain -S win2003test -U administrator

or use another unit like this:
net ads join Denmark\/Copenhagen\/Computers -W testdomain \
    -S win2003test -U administrator

Now check that everything works by issuing the following commands:
Test domain computer account: net ads testjoin.
Test winbindd: wbinfo -u to list AD users and wbinfo -g for groups.
Test connection to a remote Windows server from the Samba server: smbclient -L //win2003test -k.
Run wbinfo -t; it should return "checking the trust secret via RPC calls succeeded", otherwise you have done something wrong (use testparm -v to check your Samba configuration).
Finally, test connectivity from a Windows box: Start, Run, \\SAMBASERVER.
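
The settings above can be sanity-checked before running net ads join. The shell lint below is an added example, not part of the original article: it confirms that smb.conf uses security = ads, that realm is all uppercase, and that krb5.conf has a kdc entry for that realm. The function names and the sample files are constructed for illustration.

```shell
# Added example: pre-join lint for smb.conf and krb5.conf (constructed names).

# smb_get FILE KEY: value of KEY (given lowercase, no spaces). Samba ignores
# case and whitespace in parameter names, so keys are normalised first.
smb_get() {
    awk -F= -v want="$2" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key == want) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val); print val; exit
            }
        }' "$1"
}

# krb_has_kdc FILE REALM: succeeds if [realms] has a REALM block with a kdc.
krb_has_kdc() {
    awk -v realm="$2" '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        /^\[/ { in_realms = ($0 == "[realms]"); next }
        in_realms && f[1] == realm && /[{]/ { in_block = 1; next }
        in_block && /^[}]/ { in_block = 0 }
        in_block && f[1] == "kdc" { found = 1 }
        END { exit !found }' "$1"
}

# check_ads_config SMB_CONF KRB5_CONF: prints findings, returns their count.
check_ads_config() {
    n=0; realm=$(smb_get "$1" realm)
    [ "$(smb_get "$1" security | tr 'A-Z' 'a-z')" = "ads" ] ||
        { echo "security is not ads"; n=$((n + 1)); }
    if [ -z "$realm" ]; then
        echo "realm is not set"; n=$((n + 1))
    elif [ "$realm" != "$(echo "$realm" | tr 'a-z' 'A-Z')" ]; then
        echo "realm '$realm' is not all uppercase"; n=$((n + 1))
    elif ! krb_has_kdc "$2" "$realm"; then
        echo "no kdc for $realm under [realms]"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files mirroring the article's settings.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '[global]\nSecurity = ADS\nrealm = TESTDOMAIN.LOCAL\n' > "$tmp/smb.conf"
printf '[realms]\nTESTDOMAIN.LOCAL = {\n kdc = win2003test.testdomain.local\n}\n' > "$tmp/krb5.conf"
check_ads_config "$tmp/smb.conf" "$tmp/krb5.conf" && echo "ready to join"
```

On a real host, point check_ads_config at /etc/samba/smb.conf and /etc/krb5.conf; a non-zero return is the number of findings printed.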
Re: Using Samba on Debian Linux
Posted by Anonymous (84.194.xx.xx) on Thu 26 Jan 2006 at 10:52
This is good and short. Like the best HOWTOs!