Anda di halaman 1dari 4

08/04/2015

UsingSambaonDebianLinux

DebianAdministration
About
Archive
Contribute
FAQ
Search
Tags

UsingSambaonDebianLinux
PostedbyltackmannonThu26Jan2006at10:29
Tags:activedirectory,filesystems,howto,kerberos,network,samba
ThisarticlewillshowyouhowtoinstallSamba3.XonDebianLinux3.1(Sarge)andmakeit
authenticateagainstaWindowsserverrunningActiveDirectory.Itisnotintendedonreplacingthe
actualofficialSamba3manualwhichisaquitegoodreadanyway.

Coresoftware
IwillshowtwowaysofinstallingSamba:usingaptordirectlyfromsourceineithercasemakesure
apt'spackageindexfilesaresynchronized:
aptgetupdate
aptgetupgrade

Toinstallfromaptrun:
aptgetinstallsambasmbclientwinbindkrb5dockrb5user\

krb5config

TocompileSambayourselfyouneedtohaveMITKerberosandOpenLDAPinstalled:
aptgetinstalllibkrb53libcupsys2gnutls10libldap2\

libldap2devlibkrb5devkrb5dockrb5user\

krb5config

ThengrapthelatestversionoftheSambasource(forthisarticlewewillusesamba3.0.9.tar.gz),and
do:
tarzxvfsamba3.0.9.tar.gzC/tmp/
cd/tmp/samba3.0.9/source
./configure\

prefix=/usr\

localstatedir=/var\

withconfigdir=/etc/samba\

withprivatedir=/etc/samba\

withfhs\

withquotas\

withsmbmount\

withpam\

withpam_smbpass\

withsyslog\

withutmp\

withsambabook=/usr/share/swat/using_samba\
https://www.debianadministration.org/article/340/Using_Samba_on_Debian_Linux

1/14

08/04/2015

UsingSambaonDebianLinux

withswatdir=/usr/share/swat\

withsharedmodules=idmap_rid\

withlibsmbclient\

withautomount\

withmsdfs\

withads\

withwinbind\

withwinbindauthchallenge\

withmanpageslangs=en\

withidmap\

withaclsupport\

withldap
make
makeinstall

Windowsserversetup
InstallaWindowsserverandmakeitactasadomaincontroller(seethisguideforpointersonsetting
upadomaincontroller).Iwillusethefollowngserversetup:
DomainadministratoracountonWindowsserver:administrator>
Domainname:testdomain
Fullyqualifieddomainname:testdomain.local
HostnameofWindowsdomaincontroller:win2003test
IPaddressofWindowsdomaincontroller:192.168.1.101
Youshouldfamilateyourselfwithwhatthesecororspondstoinyourlocaldomainbeforecontinuing
withthisguide.

Networksetup
WeneedtomakesurethatDNSisworkingproperlyontheserverrunningSamba,thisisdoneby
makingtheWindowsDomaincontrollerthedefaultDNSserver.TodothisIsubstitutemyDNS
configurationin/etc/resolve.confwiththefolowing:
searchtestdomain.local
nameserver192.168.1.101

IfyouhavemorethanoneDNSserverinyourdomain,thenalsoaddthemhere.TestDNSusing:
nslookupwin2003test
>Server:192.168.1.101
>Address:192.168.1.101
>Name:win2003test.testdomain.local
>Address:192.168.1.101

Testreverselookupusing:
host192.168.1.101
>101.1.168.192.inaddr.arpadomainnamepointer
>win2003test.testdomain.local.

Ifforsomereasonanyofthesetwotestfails,thengothroughyournetworksetupandthissection
https://www.debianadministration.org/article/340/Using_Samba_on_Debian_Linux

2/14

08/04/2015

UsingSambaonDebianLinux

again.YourDNSmustbecorrectlyconfiguredinordertorunSambasuccessfullywithActive
Directory.

Kerberossetup
WewillhavetoconfigureKerberos(oryoucouldavoidthisbysettingthepasswordserverin
/etc/samba/smb.conf,tothePDCemulatorbutthenyouwouldbetalkingoldschoolNTLMwiththe
domaincontroller).TogetrealADworkingaddthefolowinglinesto/etc/krb5.conf:
[realms]
TESTDOMAIN.LOCAL={

kdc=win2003test.testdomain.local

admin_server=win2003test.testdomain.local
}

Thendo:
kinitadministrator@TESTDOMAIN.LOCAL

Thesyntaxiskinituser@REALM,whereREALMisyourActiveDirectorydomainnameandmustbe
alluppercase.Ifyoudonotusealluppercasefortherealm,you'lleitherreceivethiserror:kinit(v5):
CannotfindKDCforrequestedrealmwhilegettinginitialcredentialsorthiserror:kinit(v5):KDC
replydidnotmatchexpectationswhilegettinginitialcredentials.Youcantestyourkerberossetupby
issuing
klist

Ifitreportsthatyouhavenokeysinthecachethensomethingiswrong.Intheeventthatyourecive:
kinit(v5):Clockskewtoogreatwhilegettinginitialcredentialsthenmakesurethattheclock
synchronisationbetweenyourWindowsServerandyourLinuxserveriswithinfiveminutes.Ifthe
timeisoffbymorethenthetwoserverswillunablesendticketinformationtoeachother.

Optional:UseaNTPServer
Onewaytosolvetheclocksynchronisationproblemistouseatimeserver(youmightevenwantto
useyouractivedirectoryserver(s)).UsingaNTPserverisoptionalandnotstrictlyrequiredinorder
torunaSambainanAD,butanywayhereishowitisdone.Firstinstalltherequiredntppackages:
aptgetinstallntpdate

Thenaddyourfavoritetimeserver(s)to'''/etc/ntp.conf''',andexecute:
/etc/init.d/ntpdaterestart

Sambasetup
Toconnectuptoyourdomaincreate:/etc/samba/smb.confandadd:
https://www.debianadministration.org/article/340/Using_Samba_on_Debian_Linux

3/14

08/04/2015

UsingSambaonDebianLinux

[global]
security=ads
passwordserver=win2003test
encryptpasswords=yes
workgroup=testdomain
realm=TESTDOMAIN.LOCAL
netbiosname=temporay
idmapuid=1000020000
idmapgid=1000020000
winbindenumusers=yes
winbindenumgroups=yes
winbindusedefaultdomain=Yes

Inworkgroupinsertthedomainname,realmshouldbesettothefullyqualifieddomainname
(uppercase).InsertthenameoftheWindowsservertoauthenticateagainstinthepasswordserver
field.Wearenowreadytostarttheneededservices:
smbd
nmbd

Tojointhedomaininthedefaultorganisationunitdo:
netadsjoinWtestdomainSwin2003testUadministrator

oruseanotherunitlikethis:
netadsjoinDenmark\/Copenhagen\/ComputersWtestdomain\

Swin2003testUadministrator

Nowcheckifeverythingworksbyissuingthefolowingcommands:
Testdomaincomputeraccount:netadstestjoin.
Testwinbindd:wbinfoutolistADusersandwbinfogforgroups.
TestconnectiontoaremoteWindowsserverfromtheSambaserver:smbclientL
//win2003testk.
Runwbinfotitshouldreturn:checkingthetrustsecretviaRPCcallssucceeded,otherwise
youhavedonesomthingwrong(usetestparmvtocheckyourSambaconfiguration).
FinallytestconnectivityfromaWindowsbox:StartRun\\SAMBASERVER.
AddComment

<<<CDburningwitha2.4kernel:howtoconfigureDebianproperly?Morehardwaremonitoring:
IPMI>>>

Whyaretheseadvertshere?
#
Re:UsingSambaonDebianLinux
PostedbyAnonymous(84.194.xx.xx)onThu26Jan2006at10:52
Thisisgoodandshort.LikethebestHOWTOs!
https://www.debianadministration.org/article/340/Using_Samba_on_Debian_Linux

4/14