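[global]
# Samba member server in an Active Directory domain (security = ads):
# logons are validated by the domain controllers and winbind supplies the
# domain users and groups to the local system.

# NetBIOS (short) name of the domain. The parameter must be spelled
# "workgroup": Samba ignores parameter names it does not recognise and
# falls back to its built-in default.
workgroup = PVALENTINO_DOMAIN
# Kerberos realm of the domain; matches default_realm in /etc/krb5.conf.
realm = PVALENTINO.LAN
# server string is the equivalent of the NT Description field
server string = PVALENTINO Application Server
# Local UID/GID ranges from which winbind allocates ids for domain users
# and groups; they must not overlap the ids of local accounts.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Login shell reported for every domain user. Combined with pam_winbind this
# lets any domain account open a shell session on this host; Samba's default
# (/bin/false) is the safer choice when only file sharing is needed.
template shell = /bin/bash
# Domain users and groups are presented without the DOMAIN\ prefix, so a
# domain account can carry the same name as a local one. Keep "files" ahead
# of "winbind" in /etc/nsswitch.conf so local entries take precedence.
winbind use default domain = yes
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
# NOTE(review): the line is left commented out, so connections are accepted
# from any address; enable it with the networks that actually need access.
; hosts allow = 192.168.1. 192.168.2. 127.
load printers = yes
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
# ads = act as a member of an Active Directory domain and authenticate
# through Kerberos.
security = ads
# Domain controllers Samba contacts to validate logons (used here together
# with security = ads).
password server = PVALENTINO_DC1 PVALENTINO_DC2
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
; encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192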
[data]
# Share for batch-processing files stored under /data.
comment = batch processing directory
path = /data
# No guest access: only authenticated users may connect.
# ("guest ok" is the canonical name of the "public" parameter.)
guest ok = no
# Writes are allowed over SMB; the ownership and mode of /data decide who
# can actually write. ("read only = no" is equivalent to "writable = yes".)
read only = no
# Share exposing the log directory /log (labelled "a read only directory for logs").
# NOTE(review): that label does not match the settings below: "read only = no"
# permits writes and "public = yes" permits guest connections. If clients only
# need to read the logs, "read only = yes" and "public = no" would match the
# label - confirm the intent before deploying.
[log]
comment = Log Directory
path = /log
# "public" is a synonym for "guest ok".
public = yes
read only = no
# Do not list files that the connected user has no permission to read.
hide unreadable = yes
# The permission changes for the data and log directories are shown at the end of this page.
############################### END smb.conf ###############################
#################### Edit /etc/samba/smbusers as follows ###################
# Unix_name = SMB_name1 SMB_name2 ...
# Each line maps the SMB client names on the right to the Unix account on the left.
# NOTE(review): the first entry maps the SMB names "administrator", "admin" and
# "anotheradmin" to Unix root, which gives those accounts root's file access
# through Samba; keep that list as short as possible. The file is only
# consulted when "username map" is set in smb.conf.
root = administrator admin anotheradmin
nobody = guest pcguest smbguest
#################### End smbusers ###########################################
#### Edit /etc/krb5.conf as follows ################
[logging]
# Log destinations for the Kerberos libraries, the KDC and the admin server.
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Realm assumed when a principal is named without one.
    default_realm = PVALENTINO.LAN
# Do not use DNS TXT records to map hosts to realms.
    dns_lookup_realm = false
# Locate KDCs through DNS SRV records, so the resolvers configured on this
# host must be DNS servers the domain trusts.
    dns_lookup_kdc = true
[realms]
# NOTE(review): EXAMPLE.COM appears to be the sample entry of a stock
# krb5.conf; default_realm is PVALENTINO.LAN, so confirm it is still needed.
    EXAMPLE.COM = {
        kdc = kerberos.example.com:88
        admin_server = kerberos.example.com:749
        default_domain = example.com
    }
# Realm of the Windows domain; the KDC listed is presumably the first
# domain controller.
    PVALENTINO.LAN = {
        kdc = PVALENTINO_dc1.PVALENTINO.lan
    }
[domain_realm]
# Maps DNS domains and host names to a Kerberos realm; an entry with a
# leading dot covers every host below that domain.
    .PVALENTINO.lan = PVALENTINO.LAN
    PVALENTINO.lan = PVALENTINO.LAN
# NOTE(review): ".kerberos.server" looks like a placeholder kept from a
# template - confirm it is needed.
    .kerberos.server = PVALENTINO.LAN
[kdc]
# Path of the KDC's own configuration file; presumably only relevant when a
# KDC runs on this host.
    profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
# Defaults for the application named "pam".
# NOTE(review): presumably read by a Kerberos PAM module rather than by
# pam_winbind - confirm which module consumes these values.
    pam = {
        debug = false
# Ticket and renewal lifetimes in seconds (36000 s = 10 hours).
        ticket_lifetime = 36000
        renew_lifetime = 36000
# Tickets obtained at login may be forwarded to other hosts.
        forwardable = true
        krb4_convert = false
    }
####################### END /etc/krb5.conf ###############################
####################### Edit /etc/nsswitch.conf as follows ##########
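# Look up users and groups in the local files first, then ask winbind for
# domain accounts; local entries therefore win on a name clash.
passwd: files winbind
# Password hashes come from the local shadow file only.
shadow: files
group: files winbind
# NOTE(review): winbind's NSS module serves the passwd and group databases;
# listing it for the databases below presumably adds nothing - confirm
# before keeping these entries.
services: files winbind
# The database name is "protocols" (plural).
protocols: files winbind
netgroup: files winbind
automount: files winbind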
#########################################################
###################### Edit /etc/pam.d/system-auth as follows #######
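Add the following entries to their respective sections. As written, any domain account that authenticates through winbind can log in to this host; pam_winbind's require_membership_of option can restrict logins to the members of one group.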
This line goes after the pam_unix.so entry in auth section:
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
This line goes after the pam_succeed_if.so entry in the account section:
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so
This line goes before the pam_deny.so entry in password section:
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
##################### END #################################
Create /etc/pam.d/gdm as follows:
#%PAM-1.0
# PAM stack for the GDM graphical login. Authentication, account, password
# and session handling are delegated to system-auth through pam_stack.
auth required pam_env.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_console.so
# Create the user's home directory from /etc/skel at first login; umask=0077
# makes the new directory accessible to its owner only.
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
Edit the gdm, login and sshd files under /etc/pam.d/ as follows:
Add the following entry to the bottom of each file:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
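Then make sure to manually create the directory /home/PVALENTINO_DOMAIN (winbind's default home directory template is /home/%D/%U, so pam_mkhomedir creates each domain user's home directory beneath it).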
Change permissions on the shared directories from smb.conf
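# Confirm the exact group name as winbind reports it before changing ownership.
getent group | grep "Windows Group Name"
# Hand the shared trees to that group.
chgrp -R "Windows Group Name" /log
chgrp -R "Windows Group Name" /data
# 775 lets the owner and the group write and leaves read/traverse access to
# every other local user; 770 would limit access to the owner and the group.
chmod 775 /log
chmod 775 /data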
Run the following:
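# Start winbind and smb at boot.
chkconfig winbind on
chkconfig smb on
# The init-script syntax is "service <name> <action>".
service winbind start
service smb start
# Join the machine to the domain. -U prompts for the password, so it never
# appears on the command line or in the shell history.
# If winbind was already running before the join, it may need a restart
# afterwards to pick up the new machine account.
net ads join -U administrator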
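Test winbind with the following commands (wbinfo -t verifies the machine account's trust secret, -m lists the trusted domains, -u and -g list the domain users and groups):
# wbinfo -t
# wbinfo -m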
# wbinfo -u
TRAINING2$
TRAINING3$
TRAINING8$
......
# wbinfo -g
........
getent passwd
getent group