Forums.ATC.no

Technical => General technical => Topic started by: ATC on 12 May 2009, 08:42 am

Title: Samba: Steps necessary to join an AD domain
Posted by: ATC, 12 May 2009, 08:42 am
Besides editing /etc/samba/smb.conf there are a lot of steps necessary to configure Kerberos and Winbind. What are these steps?
Title: [Solved] Samba: Steps necessary to join an AD domain
Posted by: ATC, 12 May 2009, 08:42 am
The best Kerberos documentation I've come across so far is this one:
http://www.linuxtopia.org/online_books/centos_linux_guides/centos_linux_reference_guide/s1-kerberos-server.html

In my own experience, these are the necessary steps:
 
0. Sync time using NTP or VMware-tools  # Do it NOW.
1. Disable SELinux (and reboot)
2. Run yum install krb5-server krb5-workstation krb5-libs
3. Edit /etc/krb5.conf         # REALM in UPPERCASE, domain in lowercase
4. Edit /var/kerberos/krb5kdc/kdc.conf   # same here
5. Run kdb5_util create -s
6. Edit /var/kerberos/krb5kdc/kadm5.acl   # and here
7. Run kadmin.local -q "addprinc root/admin"
8. Run service krb5kdc start
9. Run service kadmin start
10. Run kinit Administrator      # Just to check - should ask for password
11. Run klist            # Just to check - should show one ticket
12. Run ntsysv            # Start krb5kdc and kadmin on boot
13. Edit /etc/security/pam_winbind.conf
14. Run net ads join -U Administrator
15. Run wbinfo -u         # Just to check - should list all domain users
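
A lint for the casing rule noted at step 3 (REALM in UPPERCASE, domain in lowercase), added here as an example and not part of the original post. The function name check_krb5_case and the EXAMPLE.COM realm and hosts in the sample are assumptions.

```shell
#!/bin/sh
# check_krb5_case FILE: print one line per casing problem, return non-zero if any.
check_krb5_case() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; problems++ }
    /^[ \t]*(#|;|$)/ { next }                    # skip comments and blank lines
    /^[ \t]*\[/ {                                # section header, e.g. [realms]
        section = $0
        gsub(/[^A-Za-z_]/, "", section)
        next
    }
    section == "libdefaults" && /default_realm[ \t]*=/ {
        split($0, kv, "="); realm = kv[2]; gsub(/[ \t]/, "", realm)
        if (realm != toupper(realm)) bad("default_realm not uppercase: " realm)
    }
    section == "realms" && /=[ \t]*[{]/ {        # realm block: EXAMPLE.COM = {
        split($0, kv, "="); realm = kv[1]; gsub(/[ \t]/, "", realm)
        if (realm != toupper(realm)) bad("realm name not uppercase: " realm)
    }
    section == "domain_realm" && /=/ {           # .example.com = EXAMPLE.COM
        split($0, kv, "="); dom = kv[1]; realm = kv[2]
        gsub(/[ \t]/, "", dom); gsub(/[ \t]/, "", realm)
        if (dom != tolower(dom)) bad("DNS domain not lowercase: " dom)
        if (realm != toupper(realm)) bad("mapped realm not uppercase: " realm)
    }
    END { exit (problems > 0) }
    ' "$1"
}

# Constructed sample with one deliberate mistake (lowercase default_realm).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
 default_realm = example.com
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com
 }
[domain_realm]
 .example.com = EXAMPLE.COM
EOF
check_krb5_case "$sample" || echo "fix krb5.conf before running kinit"
rm -f "$sample"
```

Run it against /etc/krb5.conf after step 3 and before step 10, so a casing mistake shows up before kinit does.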