7/23/2019 How to Ubuntu Samba File Sharing With AD 2003 Authentication
How to Ubuntu Samba file sharing with AD 2003 authentication
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
http://www.thaiadmin.org/board/index.php?topic=40947.0
Linux Server Windows Server
2 Server user AD2003
Windows 2003AD
Hostname = mydc IP = 192.168.1.250 Domain = domain.local
Ubuntu 9.04 package openssh-server putty
Hostname = mysmb IP = 192.168.1.251 Domain = domain.local
Ubuntu update 1
apt-get update
/etc/hostname
127.0.0.1 localhost
192.168.1.251 mysmb.domain.local mysmb
192.168.1.250 mydc.domain.local mydc
ping AD Server
ping mydc.domain.local
Ctrl + C ping
apt-get install krb5-user libpam-krb5 samba winbind acl ntp
kerberos,REALM server name Enter config file /etc/default/ntpdate sync AD
NTPDATE_USE_NTP_CONF=yes
NTPSERVERS="mydc.domain.local"
NTPOPTIONS="-u"
krb5.conf
cp -rav /etc/krb5.conf /etc/krb5.conf.default
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5.log

[libdefaults]
ticket_lifetime = 24000
clock_skew = 300
default_realm = DOMAIN.LOCAL
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
v4_instance_resolve = false
v4_name_convert = {
    host = {
        rcmd = host
        ftp = ftp
    }
    plain = {
        something = something-else
    }
}
fcc-mit-ticketflags = true

[realms]
DOMAIN.LOCAL = {
    kdc = mydc.domain.local
    admin_server = mydc.domain.local
    default_domain = DOMAIN.LOCAL
}

[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL

[login]
krb4_convert = true
krb4_get_tickets = false
smb.conf
cp -rav /etc/samba/smb.conf /etc/samba/smb.conf.default
/etc/samba/smb.conf
[global]
security = ads
realm = DOMAIN.LOCAL
password server = mydc.domain.local
workgroup = DOMAIN
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
map acl inherit = yes
nt acl support = yes
disable spoolss = yes
/etc/pam.d/
cp -rav /etc/pam.d/common-account /etc/pam.d/common-account.default
cp -rav /etc/pam.d/common-auth /etc/pam.d/common-auth.default
cp -rav /etc/pam.d/common-session /etc/pam.d/common-session.default
cp -rav /etc/pam.d/sudo /etc/pam.d/sudo.default
/etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
/etc/pam.d/common-auth
auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
/etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
/etc/pam.d/sudo
#%PAM-1.0
@include common-auth
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so
@include common-acc
restart service
/etc/init.d/ntp restart
/etc/init.d/samba restart
Ubuntu 10.04: /etc/init.d/smb restart
/etc/init.d/winbind restart
password administrator ad Error krb5.conf test kerberos
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
01/21/05 10:28:51  01/21/05 20:27:43  krbtgt/[email protected]
        renew until 08/14/10 13:43:46
Join Domain host DNS record Windows Type Host (A) DNS
net join ads [email protected]
password administrator AD 2 ()join domain complete
/etc/init.d/samba restart
/etc/init.d/winbind restart
wbinfo -ug
show user group windows authen
cp -rav /etc/nsswitch.conf /etc/nsswitch.conf.default
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
getent passwd
AD
getent group
group AD /etc/group
admin:x:117:olduser,ActiveDirectoryUser
/etc/sudoers
%adgroup ALL=(ALL) ALL
Reboot 1 Active Directory Users and Computers mysmb AD 2003
Ubuntu Samba Windows 2003 AD AD 2003 4User
IT Service: IT01, IT02
Accounting: Acc01, Acc02
Marketing: Mkt01, Mkt02
PublicUser Acc User Accounting() IT User User IT01 Operation User IT01 Acc01
Anonymous (Login) notebook , User IT User ( IT) Webmin() Samba User Owner Group Owner IT Webmin Read only groups Read/Write Group
Windows 2003 AD OU (Organizational Unit) OU Samba OU Resource Group
Public Public_Access Group
Acc_Access, IT_Access, Operation_Access OK
User User IT01 OU IT Service OU User
Next
Password 2 , , , Next Finish
User IT02, Acc01, Acc02, Mkt01, Mkt02 OU Windows () Ubuntu Public, Acc, IT, Operation/home mkdir
mkdir /home/public /home/acc /home/it /home/operation
555+chmod
chmod 770 /home/public /home/acc /home/operation
chmod 750 /home/it
770 (User Owner) Group Owner 750 Owner 4 User=root Group=root
ls -l /home
/home
drwxrwx--- 2 root root 4096 2010-08-14 15:07 acc
drwxr-x--- 2 root root 4096 2010-08-14 15:07 it
drwxrwx--- 2 root root 4096 2010-08-14 15:07 operation
drwxrwx--- 2 root root 4096 2010-08-14 15:07 public
root 2 root User root root Group root User GroupAD 2003
chown root:public_access /home/public
chown root:acc_access /home/acc
chown root:operation_access /home/operation
chown it01:it_access /home/it
ls -l /home
Group /home/it User it01
drwxrwx--- 2 root acc_access 4096 2010-08-14 15:07 acc
drwxr-x--- 2 it01 it_access 4096 2010-08-14 15:07 it
drwxrwx--- 2 root operation_access 4096 2010-08-14 15:07 operation
drwxrwx--- 2 root public_access 4096 2010-08-14 15:07 public
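
The owner, group owner and mode set above are what keep each share limited to its AD group, so they are worth re-checking after any later change. The script below is an added example, not part of the original how-to; it assumes GNU stat, and the function names check_share_dir, audit_shares and page_policy are made up for illustration.

```shell
# Added example: audit share directories against the chmod/chown layout.
# Assumes GNU stat (coreutils), as on Ubuntu.

# check_share_dir PATH OWNER GROUP MODE
# Returns 0 only if PATH is a directory with exactly that owner, group and mode.
check_share_dir() {
    path=$1 want_owner=$2 want_group=$3 want_mode=$4
    rc=0
    if [ ! -d "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    owner=$(stat -c %U "$path")
    group=$(stat -c %G "$path")
    mode=$(stat -c %a "$path")
    [ "$owner" = "$want_owner" ] || { echo "OWNER $path: $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "GROUP $path: $group, want $want_group"; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "MODE $path: $mode, want $want_mode"; rc=1; }
    # Any bit set for "other" admits accounts outside the owning AD group.
    case $mode in
        *0) ;;
        *) echo "WORLD $path: mode $mode grants access to others"; rc=1 ;;
    esac
    return $rc
}

# audit_shares reads "path:owner:group:mode" lines on stdin; its exit status
# is the number of directories that deviate (0 = all match).
audit_shares() {
    bad=0
    while IFS=: read -r p o g m; do
        case $p in ''|'#'*) continue ;; esac
        check_share_dir "$p" "$o" "$g" "$m" || bad=$((bad + 1))
    done
    return $bad
}

# Layout taken from the chmod/chown commands on this page.
page_policy() {
    cat <<'EOF'
/home/public:root:public_access:770
/home/acc:root:acc_access:770
/home/operation:root:operation_access:770
/home/it:it01:it_access:750
EOF
}

# Run against the live system with: sh audit_shares.sh --run
[ "${1:-}" != "--run" ] || page_policy | audit_shares
```

The [Scan] share in smb.conf points at /home/scan, which the mkdir, chmod and chown steps on this page do not cover, so it is not in the policy list.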
/etc/samba/smb.conf
[Public]
comment = Public
writeable = yes
path = /home/public
delete readonly = yes
force create mode = 770
force directory mode = 770
directory mode = 770
create mode = 770

[IT]
comment = IT Service
writeable = yes
path = /home/it
delete readonly = yes
force create mode = 750
force directory mode = 750
directory mode = 750
create mode = 750

[Scan]
comment = Scan
writeable = yes
path = /home/scan
delete readonly = yes
force create mode = 770
force directory mode = 770
directory mode = 770
create mode = 770

[ACC]
comment = Accounting
writeable = yes
path = /home/acc
delete readonly = yes
force create mode = 770
force directory mode = 770
directory mode = 770
create mode = 770
comment , Restart Samba
/etc/init.d/samba restart
Windows (XP SP3) \\mysmb \\192.168.1.251 domain.local User / Password
Domain Administrator ()
Acc_Access, IT_Access, Operation_Access, Public_Access User GroupWindows 2003 AD OU IT ServiceIT01 Add to Group
Public_Access Check Names OK
User User
Acc_Access = Acc01, Acc02
IT_Access = IT02, Acc01, Acc02, Mkt01, Mkt02 (IT01 Owner User IT)
Operation_Access = IT01, Acc01
Public_Access = IT01, IT02, Acc01, Acc02, Mkt01, Mkt02
Add Logon User User IT02 Mkt01 Operation Error ()
Acc01 IT01 User IT01 IT User Error
User / Group smb.conf restart service Samba ,
By NarinNil | 14 Aug 2010 | [email protected] | http://www.facebook.com/narinnil