Fedora 8, base install
vim /etc/selinux/config
"SELINUX=disabled"
vim /etc/hosts
"192.168.123.228 test-ad.contoso.com test-ad"
yum install ntp
ntpdate test-ad.contoso.com (sync the clock with the DC; Kerberos rejects hosts whose clock is more than 5 minutes off)
yum install samba
yum install samba-common
yum install samba-client
yum install samba-swat
chkconfig smb on
service smb start
service nmb start
chkconfig nmb on
cp /etc/samba/smb.conf /etc/samba/smb.conf.original
vi /etc/xinetd.d/swat
"only_from = 127.0.0.1 192.168.123.0/24"
"disable = no"
service xinetd start
chkconfig xinetd on
connecting the samba server to the AD
setup -> Authentication configuration
(check only the following options)
-Use Winbind
-use MD5 passwords
-Use Shadow Passwords
-Local authorization is sufficient
-> next ->
-Security Model = ads
-Domain = CONTOSO.COM
-Domain Controllers = test-ad.contoso.com
-ADS Realm = CONTOSO.COM
-Template Shell = /sbin/nologin
-> next -> yes ->
Domain Administrator = Administrator
Password =
-> Ok -> Ok -> Quit
("wbinfo -u" command returns domain user list if the ad join is successful)
####################################################
vim /etc/nsswitch.conf
passwd: compat winbind
shadow: compat
group: compat winbind
###################################################
init 6 (restart the server)
####################################################
iptables rules for samba share access
iptables -A INPUT -m multiport -p TCP -s 192.168.123.0/24 --destination-ports 631,139,445 -j ACCEPT
iptables -A INPUT -m multiport -p UDP -s 192.168.123.0/24 --destination-ports 631,137,138 -j ACCEPT
iptables rules for SWAT access on port 901
iptables -A INPUT -p TCP -s 192.168.123.0/24 --destination-port 901 -j ACCEPT
####################################################
use http://samba-server-IP:901 to configure shares
[global]
workgroup = CONTOSO
realm = CONTOSO.COM
server string = Samba Server Version %v
security = ADS
password server = test-ad.contoso.com
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
preferred master = No
dns proxy = No
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind enum users = Yes
winbind enum groups = Yes
cups options = raw
[administrator]
path = /home/administrator
valid users = contoso\administrator
admin users = contoso\administrator
read only = No
####################################################
create samba directories on samba server
mkdir /home/administrator
chmod 777 /home/administrator
chmod a+s /home/administrator
####################################################
Please note that in my examples I've made the following assumptions
192.168.123.0/24 is my LAN IP block
contoso.com is my AD domain
192.168.123.228 is my AD's IP
test-ad.contoso.com is my AD machine name
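To check the finished setup in one go, here is a small script (an added example, not part of the original post). It reuses the page's DC name and share user; the offline functions validate nsswitch.conf and smb.conf, and the live checks only run when the script is invoked with --live on the joined host.

```shell
#!/bin/sh
# Post-join checks for the Samba/AD setup above. DC name and domain user are
# the page's own assumptions; the script itself is an added example.
DC="test-ad.contoso.com"
SHARE_USER='CONTOSO\administrator'

# Succeed only if nsswitch.conf sends both passwd and group lookups to winbind;
# without this, AD users show up in wbinfo but not in getent, ls or chown.
nsswitch_uses_winbind() {
    grep -Eq '^passwd:.*[[:space:]]winbind([[:space:]]|$)' "$1" &&
    grep -Eq '^group:.*[[:space:]]winbind([[:space:]]|$)' "$1"
}

# Print the value of one smb.conf key (lower-case key name, whitespace trimmed).
smb_conf_get() {
    awk -F= -v key="$2" 'tolower($1) ~ ("^[ \t]*" key "[ \t]*$") {
        sub(/^[ \t]+/, "", $2); sub(/[ \t]+$/, "", $2); print $2; exit }' "$1"
}

# Succeed only if smb.conf is set for an ADS join: security = ads and an
# upper-case realm (Kerberos realm names are case-sensitive).
smb_conf_is_ads() {
    local sec realm
    sec=$(smb_conf_get "$1" security | tr 'A-Z' 'a-z')
    realm=$(smb_conf_get "$1" realm)
    [ "$sec" = "ads" ] && [ -n "$realm" ] &&
    [ "$realm" = "$(printf '%s' "$realm" | tr 'a-z' 'A-Z')" ]
}

# Checks that need the joined host and the DC; not run by the offline tests.
live_checks() {
    ntpdate -q "$DC"               # clock offset against the DC
    net ads testjoin               # machine account still valid on the DC
    wbinfo -t                      # winbind trust secret is good
    wbinfo -u | head -n 5          # domain user list, as noted above
    getent passwd "$SHARE_USER"    # share user resolves through nsswitch
}

if [ "${1:-}" = "--live" ]; then
    nsswitch_uses_winbind /etc/nsswitch.conf || echo "WARN: winbind missing from /etc/nsswitch.conf"
    smb_conf_is_ads /etc/samba/smb.conf || echo "WARN: smb.conf is not set up for an ADS join"
    live_checks
fi
```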