check out http://sadms.sourceforge.net/
It automates the process of configuring samba and PAM/kerberos with a GUI and works great!
SADMS = Samba as Active Directory Member Server
I use both Windows and Linux. Is that a crime? || Ubuntu User # 16597
I have used sadms successfully on 2 ubuntu workstations and 1 server on which I put a GUI (Xorg). Let me know if you have any questions, and I'll try to be as helpful as I can.
When I have the time I'll try to look at it as well. Might just be a ton easier than writing scripts to do it...
Thanks for the heads up!
-Richard
Tested working on Ubuntu Server 7.04 with Active Directory on Win2000,
except you need to change /etc/hosts:
IP_ADDRESS server_name.domain.internal domain
#example 192.168.1.1 dns.domain.com domain.com
I have the same problem as some had before:
Using short domain name -- QQQ
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'SSS-DESKTOP' in realm 'QQQ.XX'
Any solutions?
Tried using sadms - same problem.
In sadms, stage 1 is to install SADMS itself (Samba server) and stage 2 is to install the PAM modules (for authentication to Active Directory).
1. Sadms must be run as root (i.e. invoke with sudo).
2. For kerberos authentication to work, you will probably need to reset the password of the 'Domain Admin' account in 'Active Directory Users and Computers' (not to worry, because you can set it back again right away even before running Sadms). Do this for the Domain Admin account being used to add the Ubuntu machine to the Window$ domain.
3. See attached png of my working sadms configuration.
Hope this helps.
### just ignore my entire post unless you're bored. I solved my own problems and am leaving it here in hopes it will help others.
#### edit: regarding 1) below, as with SAMBA in Linux, you specify user lists with @ in the smb.conf. For example, valid users = @users. However, to create ACLs from the Windows Server AD, you have to specify the domain name (workgroup or netbios??) and the group. For example, valid users = @"domainname\users". That seems to do the trick after using SADMS to join my samba server to the AD.
1) if I do everything manually by hand on the first page of this tutorial, I get it working fine. However, since I grab a kerberos ticket as an administrator, all my users are able to map any of the samba shares, regardless of permission on the Linux box. I believe this is because it is passing my administrator kerberos ticket. If I destroy the administrator kerberos ticket (kdestroy), then I am unable to access any shares from the Windows machine to the samba server unless I create another kerberos ticket as administrator (kinit administrator@DOMAIN.NAME)
### Edit: Regarding 2) below, it turns out that the information SADMS is asking for is the samba server, NOT the Windows Server AD. Once I set that up correctly, the Winbind service started up correctly.
2) if I use SADMS, I cannot get the winbind service to start. It always shows up red colored, even if I try to start it manually with /etc/init.d/winbind start. It starts for a second, and then just shuts itself down. I have tried rebooting but winbind still does not run. I think initially when I installed SADMS I had it going, but I accidentally clicked the STOP button on the Winbind and now I cannot get it restarted for whatever reason. I also get this error, which I believe is related to winbind not being able to start, saying that I need to reset my administrative password on the windows server for some kind of encryption. However, no matter how many times I have reset it, the same error keeps popping up. Again, I believe it is because Winbind is not running.
Last edited by micro420; July 18th, 2007 at 05:19 AM.
The problem with Failed to set servicePrincipalNames is solved.
Just add a string to /etc/hosts
192.168.111.111 myhost.my.ru myhost
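The check behind the /etc/hosts fix above, as an added example that is not part of any post in this thread: it reports whether a hosts file gives the machine a canonical name whose DNS domain matches the AD domain, which is what the servicePrincipalNames error asks for. The function name and the sample files are assumptions made for illustration; the host name, domain and address are the ones from the post above.

```shell
#!/usr/bin/env bash
# Added example. hosts_fqdn_status is a hypothetical helper, not part of
# Samba or SADMS.
#
# hosts_fqdn_status HOSTS_FILE SHORT_NAME AD_DOMAIN
# Prints: ok | mismatch:<canonical name found> | missing
hosts_fqdn_status() {
    local hosts_file=$1 short=$2 domain=$3
    awk -v short="$short" -v domain="$domain" '
        BEGIN { short = tolower(short); want = short "." tolower(domain) }
        {
            sub(/#.*/, "")        # drop comments
            if (NF < 2) next      # need an address and at least one name
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == short || name == want) {
                    # The first name on a hosts line is the canonical name,
                    # so it must be <short>.<AD domain>, not the short name.
                    canon = tolower($2)
                    status = (canon == want) ? "ok" : ("mismatch:" canon)
                    print status
                    found = 1
                    exit
                }
            }
        }
        END { if (!found) print "missing" }
    ' "$hosts_file"
}

# Constructed sample files (not copied from a real machine).
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n127.0.1.1 myhost\n' > "$demo_dir/before"
printf '127.0.0.1 localhost\n192.168.111.111 myhost.my.ru myhost\n' > "$demo_dir/after"

echo "before: $(hosts_fqdn_status "$demo_dir/before" myhost MY.RU)"
echo "after:  $(hosts_fqdn_status "$demo_dir/after" myhost MY.RU)"
rm -rf "$demo_dir"
```

To run it against the real file before a join attempt, call hosts_fqdn_status /etc/hosts "$(hostname -s)" with your AD domain as the third argument.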
Hi, I'm using Ubuntu 7.04 Feisty on a Windows 2003 Server Domain. I added a linux-devices group to the AD. This group is always mapped to the same gid on Linux. So I added a group linux-devices with the groupadd command to the Linux machine. I used the same gid samba uses when it maps the linux-devices group from the AD at login. groupadd complained about a duplicate group entry, so I forced groupadd with -f to ignore it. Afterwards I set the linux-devices group as owner group of the desired devices in udev (I think /etc/udev/rules.d/40-permissions) and restarted udev. Now every domain user in the linux-devices group could access /dev/dsp, /dev/floppy ...
Afterwards I added the AD-admin users directly to the admin group in /etc/group. They now could do administrative tasks like sudo ...
Greetings