Ano-Tech Computers

Samba: Steps necessary to join an AD domain
Problem:
Besides editing /etc/samba/smb.conf there are a lot of steps necessary to configure Kerberos and Winbind. What are these steps?
 
Solution:
The best Kerberos documentation I've come across so far is this one:
http://www.linuxtopia.org/online_books/centos_linux_guides/centos_linux_reference_guide/s1-kerberos-server.html

In my own experience, these are the necessary steps:

0. Sync time using NTP or VMware-tools # Do it NOW.
1. Disable SELinux (and reboot)
2. Run yum install krb5-server krb5-workstation krb5-libs
3. Edit /etc/krb5.conf # REALM in UPPERCASE, domain in lowercase
4. Edit /var/kerberos/krb5kdc/kdc.conf # same here
5. Run kdb5_util create -s
6. Edit /var/kerberos/krb5kdc/kadm5.acl # and here
7. Run kadmin.local -q "addprinc root/admin"
8. Run service krb5kdc start
9. Run service kadmin start
10. Run kinit Administrator # Just to check - should ask for password
11. Run klist # Just to check - should show one ticket
12. Run ntsysv # Start krb5kdc and kadmin on boot
13. Edit /etc/security/pam_winbind.conf
14. Run net ads join -U Administrator
15. Run wbinfo -u # Just to check - should list all domain users
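
Added example, not part of the original article: a small shell lint for the case rule in step 3 (realm names in UPPERCASE, DNS domains in lowercase), run here against a constructed sample krb5.conf. The function name check_krb5_case and the EXAMPLE.COM realm are assumptions made for illustration.

```bash
# Added example (not from the original article): lint krb5.conf for the
# rule in step 3, realm names UPPERCASE and DNS domains lowercase.

# check_krb5_case FILE: print one line per finding; return 1 if any found.
check_krb5_case() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; rc = 1 }
    BEGIN { rc = 0 }
    /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[/ {                              # [section] header
      section = tolower($0); gsub(/[^a-z_]/, "", section); depth = 0; next
    }
    {
      eq  = index($0, "=")
      key = trim(eq ? substr($0, 1, eq - 1) : $0)
      val = trim(eq ? substr($0, eq + 1) : "")
      if (section == "libdefaults" && key == "default_realm" && val != toupper(val))
        bad("default_realm " val " is not uppercase")
      if (section == "realms") {               # REALM = { ... } blocks
        if (depth == 0 && substr(val, 1, 1) == "{" && key != toupper(key))
          bad("realm name " key " is not uppercase")
        if (index($0, "{")) depth++
        if (index($0, "}")) depth--
      }
      if (section == "domain_realm" && eq) {   # dns.domain = REALM
        if (key != tolower(key)) bad("domain " key " is not lowercase")
        if (val != toupper(val)) bad("realm " val " is not uppercase")
      }
    }
    END { exit rc }
  ' "$1"
}

# Constructed sample with three deliberate case mistakes (EXAMPLE.COM is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
 default_realm = Example.com
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com
 }
[domain_realm]
 .Example.com = EXAMPLE.COM
 example.com = example.com
EOF
check_krb5_case "$sample" || echo "fix the lines above before running kinit"
rm -f "$sample"
```

On a real host, call check_krb5_case /etc/krb5.conf after step 3; the function returns non-zero when it finds a mis-cased realm or domain.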


 