[geeks] Samba help (more info)
Nick
nick at pelagiris.org
Fri Dec 3 14:01:53 CST 2004
When I was fighting samba I wrote up the attached quickie howto. It's
pretty simple, and works on redhat and debian, I havn't tried it on
anything else. One thing to remember if you have an admin account with
more than 5 (IIRC) groups you have to use the latest kerbrose.
Nick
On Thu, Dec 02, 2004 at 08:36:45PM -0600, Bill Bradford wrote:
> On Fri, Dec 03, 2004 at 02:05:47AM +0000, Lionel Peterson wrote:
> > Have you seen http://www.oreilly.com/catalog/samba2/book/ch04.html ?
> > Didn't read it too closely, but I noticed it talked about what does and
> > does not work with active directory domains...
>
> I just gave up, did a forehead-slap, and realized I can make the Windows
> boxes speak LPR to the print server and not have to mess with Samba at
> all.
>
> Bill
>
> --
> bill bradford
> austin texas
> _______________________________________________
> GEEKS: http://www.sunhelp.org/mailman/listinfo/geeks
Verify win2k administrator is in fewer than 10 groups
Edit krb5.conf and realms.
krb5.conf:
default_realm must be set (win2k domain name)
realm must be created
WIN2K.DOMAIN.NAME = {
kdc = pdc.fully.qualified.host.name:88
kdc = backup.domain.controller:88
admin_server = primary.domain.controller:749
default_domain = win2k.domain.name
}
domain_realm must be created
.win2k.domain.name = WIN2K.DOMAIN.NAME
win2k.domain.name = WIN2K.DOMAIN.NAME
Edit smb.conf (security=DOMAIN, no encryption, set realm, set workgroup)
smb.conf:
netbios name = Your Choice
server string = Another descriptive string
password server = pdc.fully.qualified.host.name
workgroup = first_section_of_win2k_domain_name
realm = win2k.domain.name
security = domain
client use spnego = yes (not required)
Do not set encrypt passwords!
net ads join -U administrator
will prompt for Administrator password (can spec another account)
net ads testjoin -p
-p tells net ads to use machine password
More information about the geeks
mailing list