Nice articles on Samba
http://www.phptr.com/articles/article.asp?p=419048&rl=1
Mounting Windows share
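From FC5, smbfs is replaced by cifs. To mount a Windows share, do this:
mount -t cifs -o username=xxx,password=yyy,rw //server/share_name /mnt/mount_name
A password given with -o ends up in the shell history and can be seen in the process list while mount runs. mount.cifs also accepts credentials=<file>, which reads the username and password from a file that can be made readable by root only.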
Sharing Linux directories to Windows network
Most of these are from http://wiki.samba.org/index.php/Samba_&_Active_Directory
Setting up KRB5
krb5.conf
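# Kerberos client configuration for joining the DOMAIN.COM realm.
# Realm names are case-sensitive; for Active Directory the realm is
# conventionally the upper-case form of the DNS domain name.
[libdefaults]
# Realm assumed when a principal is given without an explicit @REALM.
default_realm = DOMAIN.COM

[realms]
DOMAIN.COM = {
    # Domain controller that issues tickets for this realm.
    kdc = dc1.domain.com
    # Host that handles password changes and other admin requests.
    admin_server = dc1.domain.com
    default_domain = domain.com
}

# Maps DNS names to realms; a leading dot matches every host below that
# domain. Each right-hand side must name a realm from [realms] exactly,
# otherwise hosts under that suffix map to a realm with no KDC configured.
[domain_realm]
.kerberos.server = DOMAIN.COM
.domain.com = DOMAIN.COM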
Setting up Samba
smb.conf
# Global parameters: in smb.conf these belong under the [global] section
# header, which this listing does not show.
# Short (NetBIOS) name of the Windows domain this host is a member of.
workgroup = WINDOMAIN
# Do not try to become the master browser on the network.
preferred master = no
# Domain-member mode: logon checks are passed to a domain controller.
# NOTE(review): the page also sets 'realm' and joins with 'net ads join';
# Samba's Active Directory member mode is 'security = ads' - confirm which
# mode is intended.
security = domain
encrypt passwords = yes
# Character between domain and account in winbind names (DOMAIN+user).
winbind separator = +
# Let winbind enumerate domain users and groups (e.g. for getent).
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts appear without the DOMAIN+ prefix. A domain account and a
# local account with the same name then differ only by lookup order in
# /etc/nsswitch.conf, so check for name collisions with local users.
winbind use default domain = Yes
winbind nested groups = Yes
# UID/GID ranges winbind assigns to domain users and groups. They must not
# overlap the IDs of local accounts.
idmap uid = 10000-20000
idmap gid = 10000-20000
# Kerberos realm; must match default_realm in krb5.conf.
realm = DOMAIN.COM
# Domain controller used to validate passwords.
password server = dc1.domain.com
[shared]
comment = Samba share
path = /samba_share
# 'public' is a synonym for 'guest ok': connections accepted as guest may use
# this share without a password, and 'writable = yes' lets them write to it
# (subject to the filesystem permissions on /samba_share).
# NOTE(review): if only domain users should write here, drop 'public = yes'
# and restrict access with 'valid users'.
public = yes
writable = yes
printable = no
browsable = yes
Edit nsswitch
/etc/nsswitch.conf
# Account lookups consult the local files first, then winbind, so a local
# account wins when a domain account has the same name.
passwd: files winbind
# NOTE(review): winbind presumably supplies no shadow data (domain passwords
# are checked through PAM); confirm this entry is needed.
shadow: files winbind
group: files winbind
# 'wins' adds NetBIOS name resolution as the last resort after files and DNS.
# NetBIOS answers are not authenticated, so keep it after dns.
hosts: files dns wins
Setting up PAM
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# NOTE(review): per the header above, hand-added pam_winbind lines are lost
# when authconfig rewrites this file; re-check it after running authconfig.
#
# auth: try the local account first, then the domain account through winbind
# with the password already typed (use_first_pass); pam_deny rejects the rest.
auth required /lib/security/$ISA/pam_env.so
# NOTE(review): 'nullok' lets pam_unix accept local accounts whose password
# field is empty; remove it unless such accounts are intended.
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
# account: pam_unix is 'required', so every user must pass its account check.
# NOTE(review): verify that winbind-only (domain) accounts get through it.
account required /lib/security/$ISA/pam_unix.so
# Accounts with uid below 100 pass the account stage here.
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
account required /lib/security/$ISA/pam_permit.so
# password: new passwords are quality-checked by pam_cracklib (3 retries).
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
# NOTE(review): 'md5' stores local password hashes as MD5-crypt, which is weak
# against offline guessing; where this pam_unix supports it, prefer a stronger
# scheme such as 'sha512'. 'nullok' here permits changing an empty password.
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
password required /lib/security/$ISA/pam_deny.so
# session: all three modules must succeed when a session is opened.
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session required /lib/security/$ISA/pam_winbind.so use_first_pass
Joined this linux box to the windows domain
# net ads join -U administrator -S dc1.domain.com -w WINDOMAIN
administrator's password:
Using short domain name -- WINDOMAIN
Joined 'LINUXBOX01' to realm 'DOMAIN.COM'