[SOLVED] Samba File server ADS Domain Member easy setup



vace
August 31st, 2012, 04:04 PM
Samba file sharing Domain member active directory
on Ubuntu 12.04 server

This is my first thread on this forum.
It took me 2-3 days of pain and headaches to configure Samba, and I
finally got it done. I had configured Samba many times before, but this time was different, as I started with the simplest configuration and added only the commands needed to make Samba
work. I didn't have time to do extensive testing, so you can
post your feedback on this thread.

Note: you don't need to type the commented (#) descriptions.
First, define the names used in the configuration options:

YOURDOMAIN.LOCAL - name of your domain on the local network
kdcserver - same as your domain server if there is only one; can also be the server's IP address
'username' - the user in whose home directory the share folder will live
sambaserver - name of your Linux server, as found in /etc/hostname


1. installation of services:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install samba smbfs smbclient
sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config
sudo apt-get install winbind

2. edit /etc/krb5.conf with domain name (YOURDOMAIN.LOCAL)
[libdefaults]
default_realm = YOURDOMAIN.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
YOURDOMAIN.LOCAL = {
# kdcserver is the full DNS name of the realm server (same as the domain server); an IP address A.B.C.D also works
kdc = kdcserver
default_domain = yourdomain.local
}


[domain_realm]
.yourdomain.local = YOURDOMAIN.LOCAL
yourdomain.local = YOURDOMAIN.LOCAL


3. edit /etc/samba/smb.conf with domain name (YOURDOMAIN.LOCAL)
[global]
realm = YOURDOMAIN.LOCAL
workgroup = YOURDOMAIN
security = ads
preferred master = no
server string = Samba file server
encrypt passwords = yes
winbind separator = +
# your server name: full DNS name or IP address A.B.C.D
password server = kdcserver
idmap uid = 10000-99999
idmap gid = 10000-99999
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
#client ntlmv2 auth = yes

# one share for testing
[testshare]
comment = Test share
# 'username' is the name of the user's home directory
path = /home/'username'/share
read only = no


4. edit /etc/nsswitch.conf (very important for winbind to work!)

change the lines to:

passwd: compat winbind
group: compat winbind
shadow: compat

5. edit /etc/hosts

# sambaserver is name of the linux server found in /etc/hostname
127.0.0.1 sambaserver sambaserver.yourdomain.local

# IP address and name of domain server and full dns domain
A.B.C.D kdcserver kdcserver.yourdomain.local


6. restart services and join domain
sudo service winbind restart
sudo service smbd restart
sudo kinit Administrator@YOURDOMAIN.LOCAL # the domain must be in upper case
- when asked, enter the domain administrator password
sudo net ads join -U Administrator@YOURDOMAIN.LOCAL
- when asked, enter the domain administrator password

7. test
mkdir /home/'username'/share
sudo chmod 777 /home/'username'/share
reboot the computer
- after logging in, test wbinfo
sudo wbinfo -g
sudo wbinfo -u

- if OK, then test from a local Windows machine
if the Windows login popup has a problem with winbind, put the full domain
name/username and the password in the login window
for troubleshooting, read the logs
cd /var/log/samba
tail -n 50 log.machine-name # or other log files
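
Added example (not part of the original post): a shell script that checks the files edited in steps 2-4 and the share directory from step 7 for the mistakes this setup is most sensitive to: a realm that differs between krb5.conf and smb.conf, winbind missing from nsswitch.conf, descriptions typed after a value, and a share left world-writable. The function names are made up for this example, and it runs on constructed sample files in a temporary directory; on a real server, pass the paths under /etc to the same functions.

```shell
#!/bin/sh
# Added example: sanity checks for the files edited in steps 2-4 and 7.
# File paths are arguments, so the checks also work on the real /etc files.

# Value of the first "key = value" line, trailing blanks stripped.
conf_value() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Realm must be identical in krb5.conf and smb.conf, and upper case.
check_realm() {  # $1=krb5.conf $2=smb.conf
    k=$(conf_value "$1" default_realm); s=$(conf_value "$2" realm)
    [ -n "$k" ] && [ "$k" = "$s" ] || { echo "realm mismatch: '$k' vs '$s'"; return 1; }
    [ "$k" = "$(printf '%s' "$k" | tr '[:lower:]' '[:upper:]')" ] ||
        { echo "realm '$k' is not upper case"; return 1; }
}

# passwd and group must list winbind, otherwise domain users do not resolve.
check_nsswitch() {  # $1=nsswitch.conf
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$1" ||
            { echo "$db: winbind missing in $1"; return 1; }
    done
}

# smb.conf and krb5.conf only treat # as a comment at the start of a line;
# "value # note" makes the note part of the value. Succeeds if any is found.
has_inline_comment() {  # $1=file
    grep -En '^[[:space:]]*[^#;[:space:]][^=]*=.*[[:space:]]#' "$1"
}

# Succeeds if the directory is world-writable (the chmod 777 from step 7).
world_writable() {  # $1=directory
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Constructed sample files, so the script runs without touching /etc.
d=$(mktemp -d)
printf '[libdefaults]\ndefault_realm = YOURDOMAIN.LOCAL\n' > "$d/krb5.conf"
printf '[global]\nrealm = YOURDOMAIN.LOCAL\npassword server = kdcserver # note\n' > "$d/smb.conf"
printf 'passwd: compat winbind\ngroup: compat winbind\nshadow: compat\n' > "$d/nsswitch.conf"
mkdir "$d/share" && chmod 777 "$d/share"

check_realm "$d/krb5.conf" "$d/smb.conf" && echo "realm: ok"
check_nsswitch "$d/nsswitch.conf" && echo "nsswitch: ok"
has_inline_comment "$d/smb.conf" && echo "smb.conf: move the comments above to their own lines"
world_writable "$d/share" && echo "share: world-writable, tighten after testing"
```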