Samba

From Q

Description

This is a short howto about connecting a Linux machine via Samba to a Windows ADS domain.

Dependencies

USE-Flags

File: /etc/portage/package.use
net-nds/openldap kerberos samba
net-fs/samba -cups addns ads ldap winbind

Packages

Code: emerge samba -pv
[ebuild  N     ] dev-libs/iniparser-3.0b-r2  USE="-examples -static-libs" 26 kB
[ebuild  N     ] sys-apps/keyutils-1.4-r1  39 kB
[ebuild  N     ] dev-libs/libgpg-error-1.10  USE="nls -common-lisp -static-libs" 429 kB
[ebuild  N     ] app-text/build-docbook-catalog-1.6  4 kB
[ebuild  N     ] dev-libs/libgcrypt-1.5.0_beta1-r2  USE="-static-libs" 1,146 kB
[ebuild  N     ] app-text/docbook-xsl-stylesheets-1.76.1  3,597 kB
[ebuild  N     ] app-crypt/mit-krb5-1.9-r4  USE="keyutils pkinit threads -doc -openldap -test -xinetd" 11,610 kB
[ebuild  N     ] dev-libs/libxslt-1.1.26-r1  USE="crypt python -debug" 3,322 kB
[ebuild  N     ] virtual/krb5-0  0 kB
[ebuild  N     ] sys-libs/tdb-1.2.7-r1  USE="python -static-libs -tdbtest -tools" 443 kB
[ebuild  N     ] sys-libs/talloc-2.0.5  USE="python -compat" 357 kB
[ebuild  N     ] net-nds/openldap-2.4.24  USE="berkdb crypt ipv6 kerberos perl samba ssl tcpd -cxx -debug -experimental -gnutls -icu -iodbc -minimal -odbc -overlays -sasl (-selinux) -slp -smbkrb5passwd -syslog" 5,118 kB
[ebuild  N     ] net-fs/samba-3.5.8-r1  USE="acl addns ads aio client ldap netapi pam readline server smbclient winbind -avahi -caps -cluster -cups -debug -doc -examples -fam -ldb -quota -smbsharemodes -smbtav2 -swat -syslog" 30,014 kB

Installation

# emerge samba

Configuration

See kerberos for the required Kerberos configuration.

File: /etc/conf.d/samba
daemon_list="smbd nmbd winbind"
File: /etc/samba/smb.conf
[global]
        workgroup = YOURDOMAIN
        netbios name = HOSTNAME
        server string = HOSTNAME
        realm = YOURDOMAIN.LOCAL
        security = ADS
        encrypt passwords = yes
        password server = domaincontroller.yourdomain.local
        client use spnego = yes
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        winbind use default domain = yes
        wins server = xxx.xxx.xxx.xxx
        dos charset = 850
        unix charset = UTF-8

include = /etc/samba/shares.conf
File: /etc/samba/shares.conf
[testshare]
        comment = Testshare
        path = /mnt/testshare
        valid users = YOURDOMAIN\username, @YOURDOMAIN\groupname
        writeable = No
        guest ok = Yes
        browseable = Yes
File: /etc/nsswitch.conf
passwd:      compat winbind
shadow:      compat winbind
group:       compat winbind
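
The [testshare] definition in /etc/samba/shares.conf above pairs a "valid users" restriction with "guest ok = Yes", two settings that express opposite intents. The following lint is an added example, not part of the original page, that flags such shares; the [scratch] share and the finding texts are constructed for illustration, and defaults set in [global] are not inherited.

```python
import re

TRUE = {"yes", "true", "on", "1"}                  # spellings treated as boolean true
# Synonyms checked in order (first present wins); "read only" is the inverse.
WRITE_KEYS = ("writeable", "writable", "writeok")

def parse_shares(text):
    """Map each section to its parameters; names are lowercased with whitespace removed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return shares

def is_true(value):
    return value.strip().lower() in TRUE

def audit(text):
    """Return sorted (share, finding) pairs; [global] defaults are not inherited here."""
    findings = []
    for name, params in parse_shares(text).items():
        if not is_true(params.get("guestok", params.get("public", "no"))):
            continue
        writable = next((is_true(params[k]) for k in WRITE_KEYS if k in params),
                        not is_true(params.get("readonly", "yes")))
        if "validusers" in params:
            findings.append((name, "guest ok enabled alongside valid users"))
        if writable:
            findings.append((name, "guest ok enabled on a writable share"))
    return sorted(findings)

# Constructed input: [testshare] mirrors this page, [scratch] is invented for contrast.
SAMPLE = r"""
[testshare]
        valid users = YOURDOMAIN\username, @YOURDOMAIN\groupname
        writeable = No
        guest ok = Yes
[scratch]
        public = yes
        read only = no
"""

if __name__ == "__main__":
    print("\n".join(f"{share}: {finding}" for share, finding in audit(SAMPLE)))
```

To lint the effective configuration including the include file, pass the output of `testparm -s` to audit() instead of a single file.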

Join the ADS Domain

# net ads join -U Administrator

and enter the domain-administrator password.

Finalize

# /etc/init.d/samba start
# rc-update add samba default

Further Reading

  • Squid - Authenticate Squid users against ADS
  • kerberos - Kerberos configuration for authenticating users against ADS
  • pam_krb5 - Authenticate system users against ADS
  • not available yet - Manage your Samba shares in a MySQL database and administer them via a web interface