SlideShare a Scribd company logo

Cent os 5.1 - configuring samba 3.0 to use the ads security mode

B Sasi Kumar
B Sasi Kumar
Technology
1 of 10
Download to read offline
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 1 of 10 Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) This is the first line in the Samba 3.0 release notes: "Active Directory support. Samba 3.0 is now able to join an ADS (Active Directory Service) realm as a member server and authenticate users using LDAP/Kerberos." The intent of this article is to show you how to configure your Linux machine and Samba server to participate in a Windows 2003 Active Directory domain as a Member Server using Kerberos authentication. This involves using the security = ADS security mode in Samba. Why would you want to do this? This eliminates the need to create separate Samba user accounts on your Linux server so your Windows users can access the Samba shares. Besides eliminating a lot of administrative overhead, without this, you would need to try to keep the password for the Samba user account synched with the password for the user in the AD domain. If you didn't and a Windows user changed his password, he would be prompted for a password every time he accessed a Samba share. Probably the main advantage to the security = ADS security mode is if you are running a Win2003 AD domain in native mode and your security policy prohibits the use of NT- compatible authentication protocols. All of your workstations would be Windows 2000 or XP Professional. In this case, Samba was not previously able to act as a Domain Member server in the domain. If you want to be able to use winbind (discussed in another article), your Samba server MUST be a domain Member Server. If you're not familiar with the different AD modes, here's a brief explanation. In mixed mode, all windows clients are able to authenticate to the domain including Win9x, NT4, Win2k, and XP Pro. Samba could also be a Member Server of this domain. Active Directory in native mode perfectly allows NT4-style Domain Members. This is contrary to popular belief. Active Directory in native mode prohibits only the use of Backup Domain Controllers running MS Windows NT4. Using AD in native mode and restricting the use of the NT-compatible authentication protocols (i.e., using Kerberos authentication), only Win2k and XP Pro clients can belong to the domain. If you have a network with just Win2k and XP Pro clients, this is the preferred and most secure mode. Contents http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 2 of 10 1. Network Setup 2. Installing Kerberos 3. Installing Samba 3.0 4. Configure Kerberos 5. Configure Samba Network Setup This is the setup on our network: Linux: CentOS with Samba 3.0 installed from the RPM package from CentOS CDs. host/NetBIOS name – sambaserver (eth0: 10.0.0.1) Win2003: Windows 2003 Enterprise Server Active Directory (Domain Controller) running SP1 Machine name – server (eth0: 10.0.0.1) (eth1: 192.168.1.1) AD domain name – fahdaziz.com.pk Network domain name - fahdaziz.com.pk Running DNS for the entire network (eth0: 10.0.0.0) Running DHCP for the entire network (eth0: 10.0.0.0) Installing Kerberos The most crucial thing you need to make this work is to have Kerberos V5 installed on your Linux machine. You will not need to configure your CentOS machine as a Kerberos server, though. You can check to see if they are already installed by using the rpm -q command: rpm -q krb5-libs rpm -q krb5-workstation http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 3 of 10 rpm -q krb5-server These should return the version numbers, not error messages. If you don't already have them installed, you can find them on the CentOS CDs. You can install them from the command line using: rpm -ivh <packagename> If your distribution uses RPM packages, try www.rpmfind.net. You can also go to http://web.mit.edu/Kerberos/www/index.html for the latest release of Kerberos. If you have yum installed on your RPM based distribution, you can execute: yum install krb5-libs yum install krb5-workstation yum install krb5-server Once you get Kerberos installed on your CentOS machine, there's a few critical things you need to check: 1. The time on your Win2003 AD server and your CentOS machine must match. The default Kerberos setting allows for a 5-minute discrepency. I reccomend setting them as close as possible to allow for drift over time. This is ABSOLUTELY CRITICAL! If the clocks don't match, it won't work. This also applies to any other machine in your AD domain you want to authenticate to from your CentOS machine using Kerberos. 2. Any user account in the Win2003 AD domain you are going to use for authentication using Kerberos must have had the password changed at least once since it was created. If the password has never been changed since the account was created THIS WON'T WORK!!. On the accounts I used, I just changed the passwords, then changed them right back to their originals. Installing Samba 3.0 Here's the steps to follow to install Samba 3.0: 1. Remove the old version of Samba from the computer with this command: rpm -e samba http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 4 of 10 If you installed Samba from the CENTOS CDs, you will probably have to remove more than one rpm package. You can use the CENTOS GUI package manager or execute: rpm -qa | grep samba to list the Samba packages that are installed, then uninstall them from the command line. You should uninstall your current version of Samba before installing Samba 3. When you remove Samba, the rpm command will back up your smb.conf file to smb.conf.rpmsave. I reccomend you make a backup copy of it yourself though. If you're not using CentOS, then use the method that is specific to your Linux distribution to uninstall Samba. If you installed Samba from source, see the documentation from Samba.org to uninstall it. 2. Download and install Samba 3 rpm package for CENTOS. Once it's downloaded from the Samba.org site, just use: rpm -ivh samba-3.0.0-1.i386.rpm or yum install samba to install it. If you're not using CentOS, then use the method that is specific to your Linux distribution to install it. If you are installing Samba from source, see the documentation from Samba.org to install it. Once you install it, make the smb.conf.rpmsave file your active smb.conf file or restore your backup copy of smb.conf, then start Samba. Test it to be sure it works as it did before. Your Samba server should work the same with Samba 3 as it did with Samba 2.2. Once you've tested Samba 3 to be sure it's working properly, it's CRITICAL that you stop it before you continue with further configuration. If you don't stop Samba, the following attempts to configure it will most likely fail. Copyright (c) 2007 Fahd Aziz Permission is granted to copy, distribute and/or modify the content of this page under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/licenses/fdl.html http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 5 of 10 Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) - Page 2 Configure Kerberos If you're not familiar with Kerberos, there's a few things you can read to familiarize yourself with it: The most important thing in configuring Kerberos is the /etc/krb5.conf file. There should be an example one in /etc you can modify (that's what I did). If not, then just create one. Here's a copy of mine: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = FAHDAZIZ.COM.PK [realms] FAHDAZIZ.COM.PK = { kdc = server.fahdaziz.com.pk admin_server = server.fahdaziz.com.pk default_domain = fahdaziz.com.pk } [domain_realm] . fahdaziz.com.pk = FAHDAZIZ.COM.PK fahdaziz.com.pk = FAHDAZIZ.COM.PK [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 6 of 10 renew_lifetime = 36000 forwardable = true krb4_convert = false } All of the literature I read said the realm name should be in upper case but doesn't have to be. I took their recommendation. As you can see, I named my realm the same as the AD Domain name. It just so happens that my AD Domain name is the same as my network domain name but that's not always the case. Use your AD DC as the kdc (Key Distribution Center) in your file. You should also list it as the admin server. If you have more than one DC in your AD domain, you can list them as kdc entries. Once you get your krb5.conf file done, you can test it with the kinit command. Execute: kinit username@REALM where username is the name of an account in your AD Domain. It should prompt you for a password. Enter the password for that user in the AD Domain. Note that you must enter the name of the realm in uppercase letters. If it executes without error, then execute klist to see your Kerberos ticket. Here are the commands I entered: [root@sambaserver home]$ kinit Administrator@FAHDAZIZ.COM.PK Password for Administrator@FAHDAZIZ.COM.PK: [root@sambaserver home]$ klist Ticket cache: FILE:/tmp/krb5cc_500 Default principal: Administrator@FAHDAZIZ.COM.PK Valid starting Expires Service principal 01/28/07 15:35:40 01/29/07 01:35:40 krbtgt/ FAHDAZIZ.COM.PK @ IVENTSTER.COM.PK Kerberos 4 ticket cache: /tmp/tkt500 klist: You have no tickets cached [root@sambaserver home]$ If you get any error messages, make sure that: http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 7 of 10 - you have no spelling errors in your krb5.conf file - the times are synched on your machines - the password has been changed at least once on the username you are using. Once you get a ticket from the AD DC, test it out by using Kerberos authentication with the smbclient command to view the shares on your Win2k AD DC: smbclient -L /servername -k That should return a list of all the shares on the DC. Here's how the command worked on my machine: [root@sambaserver home]$ smbclient -L /server -k Sharename Type Comment --------- ---- ------- photos Disk IPC$ IPC Remote IPC D$ Disk Default share rlcowan Disk NETLOGON Disk Logon server share Family Disk ADMIN$ Disk Remote Admin SYSVOL Disk Logon server share Linux Disk C$ Disk Default share Server Comment --------- ------- Workgroup Master --------- ------- [root@sambaserver home]$ After you execute that, you should have another ticket for the server. You can view it with klist like this: [root@sambaserver home]$ klist Ticket cache: FILE:/tmp/krb5cc_500 http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 8 of 10 Default principal: Administrator@FAHDAZIZ.COM.PK Valid starting Expires Service principal 09/28/03 15:35:40 09/29/03 01:35:40 krbtgt/ FAHDAZIZ.COM.PK @ FAHDAZIZ.COM.PK 09/28/03 15:42:13 09/29/03 01:35:40 pe500sc$@ FAHDAZIZ.COM.PK Kerberos 4 ticket cache: /tmp/tkt500 klist: You have no tickets cached [root@sambaserver home]$ Configure Samba When you install Samba from the Samba.org rpm package, it will also install SWAT. Before you configure Samba, I suggest you fire up SWAT and read the document listed on the SWAT home page titled "The Samba HOWTO Collection" It has a section in it that deals with Win2k AD and Kerberos. You now need to make the changes to your smb.conf file to enable Kerberos authentication and so you can join the AD domain. The important lines in smb.conf are: realm = YOUR.REALM security = ads password server = <ip address or name of DC> Here's a copy of my smb.conf file: [global] workgroup = fahdaziz netbios name = sambaserver server string = Samba Server 3.0 security = ads realm = FAHDAZIZ.COM.PK password server = 10.0.0.1 encrypt passwords = yes printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 9 of 10 max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes writable = no printable = yes Once you make the changes to smb.conf and before you start Samba, you need to join the AD domain. Before you do so there are two things that you should check: - If there is a file named /etc/samba/secrets.tdb either delete, move or rename it. This file would be from your previous connections to the domain. A new one will be created when you join the domain. - If there is an existing machine account in your AD domain for your Samba server, delete it. A new one will be created when you join the AD domain. Here are the commands I used as root to join the AD domain: kinit Administrator@FAHDAZIZ.COM.PK http://howtoforge.com/book/print/2279/1/all 04-19-2008
Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 10 of 10 net ads join -Uadministrator%password The first command gets the Kerberos ticket you need to authenticate to the AD domain. You need to use the username of an account in your AD domain that has permission to join computers to the domain. The second command joins the domain. If you're familiar with the command used with Samba 2.2 to join a domain, you'll notice the difference. smbpasswd is not used any more for this purpose. If you successfully join the AD domain, you should receive a message stating that you successfully joined the Domain. You should also see a new /etc/samba/secrets.tdb file. There should also be a new machine account created in your Active Directory. If you look at the properties of the machine account, you should see that the OS is listed as Samba 3.0. Once you've successfully joined the AD domain, start Samba in CentOS using: service smb start or use whatever command you use with your distribution to start Samba. One advantage to using this type of authentication is that you don't need to create Samba accounts on the Linux server with the smbpasswdcommand. There is no need for the /etc/samba/smbpasswd file. You Windows users only need to be be concerned with one user account. However, each user that accesses the Samba server will still need to have a valid Linux user account on the server that matches the account in the AD domain. The purpose of this account is to control access to the the Linux file system. The password for that account does not need to match the Win2k AD domain account password. The account doesn't even need to have the ability to log in locally to the Linux machine. It does have to exist however and it must have the proper permissions to the directories you are sharing out with Samba for the user to access them. This hasn't changed from Samba 2.2. To get around the need for for local Linux accounts, you need to use winbind. It'll be interesting to see how that will work in conjuction with an AD domain. But that's the subject of another article. Copyright (c) 2007 Fahd Aziz Permission is granted to copy, distribute and/or modify the content of this page under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/licenses/fdl.html http://howtoforge.com/book/print/2279/1/all 04-19-2008

Recommended

grate techniques
grate techniquesgrate techniques
grate techniquesjunaid novapex
 
Tutorial CentOS 5 untuk Webhosting
Tutorial CentOS 5 untuk WebhostingTutorial CentOS 5 untuk Webhosting
Tutorial CentOS 5 untuk WebhostingBeni Krisbiantoro
 
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...LumoSpark
 
Kannel configuration step by step with Motorolla Razer
Kannel configuration step by step with Motorolla RazerKannel configuration step by step with Motorolla Razer
Kannel configuration step by step with Motorolla RazerMahtab Rasheed
 
Linux corporate-training-in-mumbai
Linux corporate-training-in-mumbaiLinux corporate-training-in-mumbai
Linux corporate-training-in-mumbaiUnmesh Baile
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformHector Iribarne
 
Installing lemp with ssl and varnish on Debian 9
Installing lemp with ssl and varnish on Debian 9Installing lemp with ssl and varnish on Debian 9
Installing lemp with ssl and varnish on Debian 9عطاءالمنعم اثیل شیخ
 
Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04SANTIAGO HERNÁNDEZ
 

Recommended

grate techniques
grate techniquesgrate techniques
grate techniquesjunaid novapex
 
Tutorial CentOS 5 untuk Webhosting
Tutorial CentOS 5 untuk WebhostingTutorial CentOS 5 untuk Webhosting
Tutorial CentOS 5 untuk WebhostingBeni Krisbiantoro
 
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...
How to turn any dynamic website into a static site | 24.01.2018 | Artem Danil...LumoSpark
 
Kannel configuration step by step with Motorolla Razer
Kannel configuration step by step with Motorolla RazerKannel configuration step by step with Motorolla Razer
Kannel configuration step by step with Motorolla RazerMahtab Rasheed
 
Linux corporate-training-in-mumbai
Linux corporate-training-in-mumbaiLinux corporate-training-in-mumbai
Linux corporate-training-in-mumbaiUnmesh Baile
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformHector Iribarne
 
Installing lemp with ssl and varnish on Debian 9
Installing lemp with ssl and varnish on Debian 9Installing lemp with ssl and varnish on Debian 9
Installing lemp with ssl and varnish on Debian 9عطاءالمنعم اثیل شیخ
 
Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04Tested install-isp config3-ubuntu-16-04
Tested install-isp config3-ubuntu-16-04SANTIAGO HERNÁNDEZ
 
Samba
SambaSamba
SambaMd Shihab
 
mail server
mail servermail server
mail serverchacheng oo
 
Ubuntu安装SVN总结
Ubuntu安装SVN总结Ubuntu安装SVN总结
Ubuntu安装SVN总结wensheng wei
 
How to set up and Configure Kannel, A quick start
How to set up and Configure Kannel, A quick startHow to set up and Configure Kannel, A quick start
How to set up and Configure Kannel, A quick startMobME Technical
 
Raw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxRaw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxDevin Olson
 
Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolArmenuhi Abramyan
 
Ubuntu vps setup
Ubuntu vps setupUbuntu vps setup
Ubuntu vps setupVijay Sharma
 
Asa 8.3 upgrade what you need to know
Asa 8.3 upgrade what you need to knowAsa 8.3 upgrade what you need to know
Asa 8.3 upgrade what you need to knowIT Tech
 
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)Yasuhito Takamiya
 
Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...wensheng wei
 
Installation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionInstallation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionSammy Fung
 
Squid
SquidSquid
SquidChirag Gupta
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Step by-step installation of a secure linux web dns- and mail server
Step by-step installation of a secure linux web dns- and mail serverStep by-step installation of a secure linux web dns- and mail server
Step by-step installation of a secure linux web dns- and mail serverIntegrated Circuit Design Research & Education Center (ICDREC)
 
在Oel5上安装配置oracle gird control 10.2.0.5
在Oel5上安装配置oracle gird control 10.2.0.5在Oel5上安装配置oracle gird control 10.2.0.5
在Oel5上安装配置oracle gird control 10.2.0.5maclean liu
 
How To Deploy A Cloud Based Webserver in 5 minutes - LAMP
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPHow To Deploy A Cloud Based Webserver in 5 minutes - LAMP
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPMatt Dunlap
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server13bcs0012
 
Fosdem how you can benefit from redis, javier ramirez @ teowaki
Fosdem how you can benefit from redis, javier ramirez @ teowakiFosdem how you can benefit from redis, javier ramirez @ teowaki
Fosdem how you can benefit from redis, javier ramirez @ teowakijavier ramirez
 
MySql Restore Script
MySql Restore ScriptMySql Restore Script
MySql Restore ScriptHızlan ERPAK
 
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu ServerForget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Serveraaroncouch
 
Configuring RAID 1 on CentOs
Configuring RAID 1 on CentOsConfiguring RAID 1 on CentOs
Configuring RAID 1 on CentOsMehdi Poustchi Amin
 
6. centos networking
6. centos networking6. centos networking
6. centos networkingMohd yasin Karim
 

More Related Content

What's hot

Ubuntu安装SVN总结
Ubuntu安装SVN总结Ubuntu安装SVN总结
Ubuntu安装SVN总结wensheng wei
 
How to set up and Configure Kannel, A quick start
How to set up and Configure Kannel, A quick startHow to set up and Configure Kannel, A quick start
How to set up and Configure Kannel, A quick startMobME Technical
 
Raw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxRaw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxDevin Olson
 
Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolArmenuhi Abramyan
 
Asa 8.3 upgrade what you need to know
Asa 8.3 upgrade what you need to knowAsa 8.3 upgrade what you need to know
Asa 8.3 upgrade what you need to knowIT Tech
 
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)Yasuhito Takamiya
 
Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...wensheng wei
 
Installation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionInstallation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionSammy Fung
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
在Oel5上安装配置oracle gird control 10.2.0.5
在Oel5上安装配置oracle gird control 10.2.0.5在Oel5上安装配置oracle gird control 10.2.0.5
在Oel5上安装配置oracle gird control 10.2.0.5maclean liu
 
How To Deploy A Cloud Based Webserver in 5 minutes - LAMP
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPHow To Deploy A Cloud Based Webserver in 5 minutes - LAMP
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPMatt Dunlap
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server13bcs0012
 
Fosdem how you can benefit from redis, javier ramirez @ teowaki
Fosdem how you can benefit from redis, javier ramirez @ teowakiFosdem how you can benefit from redis, javier ramirez @ teowaki
Fosdem how you can benefit from redis, javier ramirez @ teowakijavier ramirez
 
MySql Restore Script
MySql Restore ScriptMySql Restore Script
MySql Restore ScriptHızlan ERPAK
 
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu ServerForget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Serveraaroncouch
 

What's hot (20)

Samba
SambaSamba
Samba
 
mail server
mail servermail server
mail server
 
Ubuntu安装SVN总结
Ubuntu安装SVN总结Ubuntu安装SVN总结
Ubuntu安装SVN总结
 
How to set up and Configure Kannel, A quick start
How to set up and Configure Kannel, A quick startHow to set up and Configure Kannel, A quick start
How to set up and Configure Kannel, A quick start
 
Raw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on LinuxRaw Iron to Enterprise Server: Installing Domino on Linux
Raw Iron to Enterprise Server: Installing Domino on Linux
 
Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocol
 
Ubuntu vps setup
Ubuntu vps setupUbuntu vps setup
Ubuntu vps setup
 
Asa 8.3 upgrade what you need to know
Asa 8.3 upgrade what you need to knowAsa 8.3 upgrade what you need to know
Asa 8.3 upgrade what you need to know
 
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
Bare Metal Cloud: 実マシンを提供するクラウドサービス (SWoPP 2010)
 
Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...Samba Optimization and Speed Tuning f...
Samba Optimization and Speed Tuning f...
 
Installation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionInstallation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server Edition
 
Squid
SquidSquid
Squid
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
Step by-step installation of a secure linux web dns- and mail server
Step by-step installation of a secure linux web dns- and mail serverStep by-step installation of a secure linux web dns- and mail server
Step by-step installation of a secure linux web dns- and mail server
 
在Oel5上安装配置oracle gird control 10.2.0.5
在Oel5上安装配置oracle gird control 10.2.0.5在Oel5上安装配置oracle gird control 10.2.0.5
在Oel5上安装配置oracle gird control 10.2.0.5
 
How To Deploy A Cloud Based Webserver in 5 minutes - LAMP
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPHow To Deploy A Cloud Based Webserver in 5 minutes - LAMP
How To Deploy A Cloud Based Webserver in 5 minutes - LAMP
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server
 
Fosdem how you can benefit from redis, javier ramirez @ teowaki
Fosdem how you can benefit from redis, javier ramirez @ teowakiFosdem how you can benefit from redis, javier ramirez @ teowaki
Fosdem how you can benefit from redis, javier ramirez @ teowaki
 
MySql Restore Script
MySql Restore ScriptMySql Restore Script
MySql Restore Script
 
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu ServerForget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
Forget MAMP and WAMP, Use Virtual Box to Have a Real Ubuntu Server
 

Viewers also liked

Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First reviewBuilding a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First reviewHari
 
How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)Amandeep Kaur
 
Chapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleChapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleLuis Garay
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Servervipulvaid
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dnsAnand Grewal
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNSAkshay Tiwari
 

Viewers also liked (20)

Configuring RAID 1 on CentOs
Configuring RAID 1 on CentOsConfiguring RAID 1 on CentOs
Configuring RAID 1 on CentOs
 
6. centos networking
6. centos networking6. centos networking
6. centos networking
 
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First reviewBuilding a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
 
Dns centos
Dns centosDns centos
Dns centos
 
70 640
70 64070 640
70 640
 
Dns
DnsDns
Dns
 
Presentation
PresentationPresentation
Presentation
 
DNS (BIND) on CentOS
DNS (BIND) on CentOSDNS (BIND) on CentOS
DNS (BIND) on CentOS
 
6421 b Module-03
6421 b Module-036421 b Module-03
6421 b Module-03
 
Seo2 india devang barot - google public dns
Seo2 india devang barot - google public dnsSeo2 india devang barot - google public dns
Seo2 india devang barot - google public dns
 
How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)
 
Chapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server roleChapter 4 configuring and managing the dns server role
Chapter 4 configuring and managing the dns server role
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Server
 
How To Install CentOS 7
How To Install CentOS 7How To Install CentOS 7
How To Install CentOS 7
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dns
 
Domain name system
Domain name systemDomain name system
Domain name system
 
Domain name system
Domain name systemDomain name system
Domain name system
 
Introduction to DNS
Introduction to DNSIntroduction to DNS
Introduction to DNS
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name System
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNS
 

Similar to Cent os 5.1 - configuring samba 3.0 to use the ads security mode

Samba server configuration
Samba server configurationSamba server configuration
Samba server configurationRohit Phulsunge
 
Dru lavigne servers-tutorial
Dru lavigne servers-tutorialDru lavigne servers-tutorial
Dru lavigne servers-tutorialDru Lavigne
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationChanaka Lasantha
 
Samba server linux (SMB) BY ROHIT MALAV
Samba server linux (SMB) BY ROHIT MALAVSamba server linux (SMB) BY ROHIT MALAV
Samba server linux (SMB) BY ROHIT MALAVRohit malav
 
Practical solutions for connections administrators
Practical solutions for connections administratorsPractical solutions for connections administrators
Practical solutions for connections administratorsSharon James
 
Install websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bitsInstall websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bitsManuel Vega
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guidejasembo
 
samba server setup Pts ppt (rohit malav)
samba server setup Pts ppt (rohit malav)samba server setup Pts ppt (rohit malav)
samba server setup Pts ppt (rohit malav)Rohit malav
 
TrinityCore server install guide
TrinityCore server install guideTrinityCore server install guide
TrinityCore server install guideSeungmin Shin
 
Setting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutesSetting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutesSudheer Kondla
 
Build your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web ServicesBuild your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web Servicesponukumatla joel nishanth
 
Snort296x centos6x 2
Snort296x centos6x 2Snort296x centos6x 2
Snort296x centos6x 2Trinh Tuan
 
Tutorial : Zimbra on BlankOn
Tutorial : Zimbra on BlankOnTutorial : Zimbra on BlankOn
Tutorial : Zimbra on BlankOnprinceofgiri
 
SaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
SaltConf14 - Ben Cane - Using SaltStack in High Availability EnvironmentsSaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
SaltConf14 - Ben Cane - Using SaltStack in High Availability EnvironmentsSaltStack
 

Similar to Cent os 5.1 - configuring samba 3.0 to use the ads security mode (20)

Meeting 9 samba
Meeting 9 sambaMeeting 9 samba
Meeting 9 samba
 
Samba server configuration
Samba server configurationSamba server configuration
Samba server configuration
 
Samba tutorial
Samba tutorialSamba tutorial
Samba tutorial
 
Dru lavigne servers-tutorial
Dru lavigne servers-tutorialDru lavigne servers-tutorial
Dru lavigne servers-tutorial
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integration
 
Samba
SambaSamba
Samba
 
Samba server
Samba serverSamba server
Samba server
 
Samba server linux (SMB) BY ROHIT MALAV
Samba server linux (SMB) BY ROHIT MALAVSamba server linux (SMB) BY ROHIT MALAV
Samba server linux (SMB) BY ROHIT MALAV
 
Network Manual
Network ManualNetwork Manual
Network Manual
 
Practical solutions for connections administrators
Practical solutions for connections administratorsPractical solutions for connections administrators
Practical solutions for connections administrators
 
Windows 2003 Server
Windows 2003 ServerWindows 2003 Server
Windows 2003 Server
 
Install websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bitsInstall websphere message broker 8 RHEL 6 64 bits
Install websphere message broker 8 RHEL 6 64 bits
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guide
 
samba server setup Pts ppt (rohit malav)
samba server setup Pts ppt (rohit malav)samba server setup Pts ppt (rohit malav)
samba server setup Pts ppt (rohit malav)
 
TrinityCore server install guide
TrinityCore server install guideTrinityCore server install guide
TrinityCore server install guide
 
Setting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutesSetting up mongodb sharded cluster in 30 minutes
Setting up mongodb sharded cluster in 30 minutes
 
Build your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web ServicesBuild your own secure mail server on the cloud using Amazon Web Services
Build your own secure mail server on the cloud using Amazon Web Services
 
Snort296x centos6x 2
Snort296x centos6x 2Snort296x centos6x 2
Snort296x centos6x 2
 
Tutorial : Zimbra on BlankOn
Tutorial : Zimbra on BlankOnTutorial : Zimbra on BlankOn
Tutorial : Zimbra on BlankOn
 
SaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
SaltConf14 - Ben Cane - Using SaltStack in High Availability EnvironmentsSaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
SaltConf14 - Ben Cane - Using SaltStack in High Availability Environments
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Recently uploaded (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Cent os 5.1 - configuring samba 3.0 to use the ads security mode

  • 1. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 1 of 10 Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) This is the first line in the Samba 3.0 release notes: "Active Directory support. Samba 3.0 is now able to join an ADS (Active Directory Service) realm as a member server and authenticate users using LDAP/Kerberos." The intent of this article is to show you how to configure your Linux machine and Samba server to participate in a Windows 2003 Active Directory domain as a Member Server using Kerberos authentication. This involves using the security = ADS security mode in Samba. Why would you want to do this? This eliminates the need to create separate Samba user accounts on your Linux server so your Windows users can access the Samba shares. Besides eliminating a lot of administrative overhead, without this, you would need to try to keep the password for the Samba user account synched with the password for the user in the AD domain. If you didn't and a Windows user changed his password, he would be prompted for a password every time he accessed a Samba share. Probably the main advantage to the security = ADS security mode is if you are running a Win2003 AD domain in native mode and your security policy prohibits the use of NT- compatible authentication protocols. All of your workstations would be Windows 2000 or XP Professional. In this case, Samba was not previously able to act as a Domain Member server in the domain. If you want to be able to use winbind (discussed in another article), your Samba server MUST be a domain Member Server. If you're not familiar with the different AD modes, here's a brief explanation. In mixed mode, all windows clients are able to authenticate to the domain including Win9x, NT4, Win2k, and XP Pro. Samba could also be a Member Server of this domain. Active Directory in native mode perfectly allows NT4-style Domain Members. This is contrary to popular belief. Active Directory in native mode prohibits only the use of Backup Domain Controllers running MS Windows NT4. Using AD in native mode and restricting the use of the NT-compatible authentication protocols (i.e., using Kerberos authentication), only Win2k and XP Pro clients can belong to the domain. If you have a network with just Win2k and XP Pro clients, this is the preferred and most secure mode. Contents http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 2. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 2 of 10 1. Network Setup 2. Installing Kerberos 3. Installing Samba 3.0 4. Configure Kerberos 5. Configure Samba Network Setup This is the setup on our network: Linux: CentOS with Samba 3.0 installed from the RPM package from CentOS CDs. host/NetBIOS name – sambaserver (eth0: 10.0.0.1) Win2003: Windows 2003 Enterprise Server Active Directory (Domain Controller) running SP1 Machine name – server (eth0: 10.0.0.1) (eth1: 192.168.1.1) AD domain name – fahdaziz.com.pk Network domain name - fahdaziz.com.pk Running DNS for the entire network (eth0: 10.0.0.0) Running DHCP for the entire network (eth0: 10.0.0.0) Installing Kerberos The most crucial thing you need to make this work is to have Kerberos V5 installed on your Linux machine. You will not need to configure your CentOS machine as a Kerberos server, though. You can check to see if they are already installed by using the rpm -q command: rpm -q krb5-libs rpm -q krb5-workstation http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 3. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 3 of 10 rpm -q krb5-server These should return the version numbers, not error messages. If you don't already have them installed, you can find them on the CentOS CDs. You can install them from the command line using: rpm -ivh <packagename> If your distribution uses RPM packages, try www.rpmfind.net. You can also go to http://web.mit.edu/Kerberos/www/index.html for the latest release of Kerberos. If you have yum installed on your RPM based distribution, you can execute: yum install krb5-libs yum install krb5-workstation yum install krb5-server Once you get Kerberos installed on your CentOS machine, there's a few critical things you need to check: 1. The time on your Win2003 AD server and your CentOS machine must match. The default Kerberos setting allows for a 5-minute discrepency. I reccomend setting them as close as possible to allow for drift over time. This is ABSOLUTELY CRITICAL! If the clocks don't match, it won't work. This also applies to any other machine in your AD domain you want to authenticate to from your CentOS machine using Kerberos. 2. Any user account in the Win2003 AD domain you are going to use for authentication using Kerberos must have had the password changed at least once since it was created. If the password has never been changed since the account was created THIS WON'T WORK!!. On the accounts I used, I just changed the passwords, then changed them right back to their originals. Installing Samba 3.0 Here's the steps to follow to install Samba 3.0: 1. Remove the old version of Samba from the computer with this command: rpm -e samba http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 4. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 4 of 10 If you installed Samba from the CENTOS CDs, you will probably have to remove more than one rpm package. You can use the CENTOS GUI package manager or execute: rpm -qa | grep samba to list the Samba packages that are installed, then uninstall them from the command line. You should uninstall your current version of Samba before installing Samba 3. When you remove Samba, the rpm command will back up your smb.conf file to smb.conf.rpmsave. I reccomend you make a backup copy of it yourself though. If you're not using CentOS, then use the method that is specific to your Linux distribution to uninstall Samba. If you installed Samba from source, see the documentation from Samba.org to uninstall it. 2. Download and install Samba 3 rpm package for CENTOS. Once it's downloaded from the Samba.org site, just use: rpm -ivh samba-3.0.0-1.i386.rpm or yum install samba to install it. If you're not using CentOS, then use the method that is specific to your Linux distribution to install it. If you are installing Samba from source, see the documentation from Samba.org to install it. Once you install it, make the smb.conf.rpmsave file your active smb.conf file or restore your backup copy of smb.conf, then start Samba. Test it to be sure it works as it did before. Your Samba server should work the same with Samba 3 as it did with Samba 2.2. Once you've tested Samba 3 to be sure it's working properly, it's CRITICAL that you stop it before you continue with further configuration. If you don't stop Samba, the following attempts to configure it will most likely fail. Copyright (c) 2007 Fahd Aziz Permission is granted to copy, distribute and/or modify the content of this page under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/licenses/fdl.html http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 5. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 5 of 10 Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) - Page 2 Configure Kerberos If you're not familiar with Kerberos, there's a few things you can read to familiarize yourself with it: The most important thing in configuring Kerberos is the /etc/krb5.conf file. There should be an example one in /etc you can modify (that's what I did). If not, then just create one. Here's a copy of mine: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = FAHDAZIZ.COM.PK [realms] FAHDAZIZ.COM.PK = { kdc = server.fahdaziz.com.pk admin_server = server.fahdaziz.com.pk default_domain = fahdaziz.com.pk } [domain_realm] . fahdaziz.com.pk = FAHDAZIZ.COM.PK fahdaziz.com.pk = FAHDAZIZ.COM.PK [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 6. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 6 of 10 renew_lifetime = 36000 forwardable = true krb4_convert = false } All of the literature I read said the realm name should be in upper case but doesn't have to be. I took their recommendation. As you can see, I named my realm the same as the AD Domain name. It just so happens that my AD Domain name is the same as my network domain name but that's not always the case. Use your AD DC as the kdc (Key Distribution Center) in your file. You should also list it as the admin server. If you have more than one DC in your AD domain, you can list them as kdc entries. Once you get your krb5.conf file done, you can test it with the kinit command. Execute: kinit username@REALM where username is the name of an account in your AD Domain. It should prompt you for a password. Enter the password for that user in the AD Domain. Note that you must enter the name of the realm in uppercase letters. If it executes without error, then execute klist to see your Kerberos ticket. Here are the commands I entered: [root@sambaserver home]$ kinit Administrator@FAHDAZIZ.COM.PK Password for Administrator@FAHDAZIZ.COM.PK: [root@sambaserver home]$ klist Ticket cache: FILE:/tmp/krb5cc_500 Default principal: Administrator@FAHDAZIZ.COM.PK Valid starting Expires Service principal 01/28/07 15:35:40 01/29/07 01:35:40 krbtgt/ FAHDAZIZ.COM.PK @ IVENTSTER.COM.PK Kerberos 4 ticket cache: /tmp/tkt500 klist: You have no tickets cached [root@sambaserver home]$ If you get any error messages, make sure that: http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 7. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 7 of 10 - you have no spelling errors in your krb5.conf file - the times are synched on your machines - the password has been changed at least once on the username you are using. Once you get a ticket from the AD DC, test it out by using Kerberos authentication with the smbclient command to view the shares on your Win2k AD DC: smbclient -L /servername -k That should return a list of all the shares on the DC. Here's how the command worked on my machine: [root@sambaserver home]$ smbclient -L /server -k Sharename Type Comment --------- ---- ------- photos Disk IPC$ IPC Remote IPC D$ Disk Default share rlcowan Disk NETLOGON Disk Logon server share Family Disk ADMIN$ Disk Remote Admin SYSVOL Disk Logon server share Linux Disk C$ Disk Default share Server Comment --------- ------- Workgroup Master --------- ------- [root@sambaserver home]$ After you execute that, you should have another ticket for the server. You can view it with klist like this: [root@sambaserver home]$ klist Ticket cache: FILE:/tmp/krb5cc_500 http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 8. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 8 of 10 Default principal: Administrator@FAHDAZIZ.COM.PK Valid starting Expires Service principal 09/28/03 15:35:40 09/29/03 01:35:40 krbtgt/ FAHDAZIZ.COM.PK @ FAHDAZIZ.COM.PK 09/28/03 15:42:13 09/29/03 01:35:40 pe500sc$@ FAHDAZIZ.COM.PK Kerberos 4 ticket cache: /tmp/tkt500 klist: You have no tickets cached [root@sambaserver home]$ Configure Samba When you install Samba from the Samba.org rpm package, it will also install SWAT. Before you configure Samba, I suggest you fire up SWAT and read the document listed on the SWAT home page titled "The Samba HOWTO Collection" It has a section in it that deals with Win2k AD and Kerberos. You now need to make the changes to your smb.conf file to enable Kerberos authentication and so you can join the AD domain. The important lines in smb.conf are: realm = YOUR.REALM security = ads password server = <ip address or name of DC> Here's a copy of my smb.conf file: [global] workgroup = fahdaziz netbios name = sambaserver server string = Samba Server 3.0 security = ads realm = FAHDAZIZ.COM.PK password server = 10.0.0.1 encrypt passwords = yes printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 9. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 9 of 10 max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes writable = no printable = yes Once you make the changes to smb.conf and before you start Samba, you need to join the AD domain. Before you do so there are two things that you should check: - If there is a file named /etc/samba/secrets.tdb either delete, move or rename it. This file would be from your previous connections to the domain. A new one will be created when you join the domain. - If there is an existing machine account in your AD domain for your Samba server, delete it. A new one will be created when you join the AD domain. Here are the commands I used as root to join the AD domain: kinit Administrator@FAHDAZIZ.COM.PK http://howtoforge.com/book/print/2279/1/all 04-19-2008
  • 10. Configuring Samba 3.0 To Use The ADS Security Mode (CentOS) Page 10 of 10 net ads join -Uadministrator%password The first command gets the Kerberos ticket you need to authenticate to the AD domain. You need to use the username of an account in your AD domain that has permission to join computers to the domain. The second command joins the domain. If you're familiar with the command used with Samba 2.2 to join a domain, you'll notice the difference. smbpasswd is not used any more for this purpose. If you successfully join the AD domain, you should receive a message stating that you successfully joined the Domain. You should also see a new /etc/samba/secrets.tdb file. There should also be a new machine account created in your Active Directory. If you look at the properties of the machine account, you should see that the OS is listed as Samba 3.0. Once you've successfully joined the AD domain, start Samba in CentOS using: service smb start or use whatever command you use with your distribution to start Samba. One advantage to using this type of authentication is that you don't need to create Samba accounts on the Linux server with the smbpasswdcommand. There is no need for the /etc/samba/smbpasswd file. You Windows users only need to be be concerned with one user account. However, each user that accesses the Samba server will still need to have a valid Linux user account on the server that matches the account in the AD domain. The purpose of this account is to control access to the the Linux file system. The password for that account does not need to match the Win2k AD domain account password. The account doesn't even need to have the ability to log in locally to the Linux machine. It does have to exist however and it must have the proper permissions to the directories you are sharing out with Samba for the user to access them. This hasn't changed from Samba 2.2. To get around the need for for local Linux accounts, you need to use winbind. It'll be interesting to see how that will work in conjuction with an AD domain. But that's the subject of another article. Copyright (c) 2007 Fahd Aziz Permission is granted to copy, distribute and/or modify the content of this page under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/licenses/fdl.html http://howtoforge.com/book/print/2279/1/all 04-19-2008