Winbind


Unlike Fedora 14, Fedora 15 has good support for setting up Winbind on first boot. Unfortunately, when I have installed F15 from the DVD install, I've still had to use CTRL+ALT+F2 to switch to a terminal and then, logging in as root, run...

yum install samba samba-client samba-winbind samba-winbind-clients krb5-workstation nscd gvfs-smb -ty

You can then use the option on first boot setup to use external login authentication.

Sharing Files

Normally the gurus will advise against running as root, but this stuff needs it, so I'll assume all commands are run as such.

If you are reading this, have SELinux enabled and want to share files, try the following command. It allows Samba to export any file or directory read/write, whatever its SELinux label:

setsebool -P samba_export_all_rw 1

Now we need to double check that all the services are set up to start by default. They probably are, though.

chkconfig smb on
chkconfig winbind on
  • As root, set up the basic Winbind options to make configuration that little bit easier...

Setup
Choose Authentication configuration and enable the following:
  • Use Winbind
  • Use Shadow Passwords
  • Use Winbind Authentication
  • Local authorization is sufficient

Clicking Next at this point asks for some settings. For megazirt:
Security Model - ads
Domain - MEGAZIRT
Domain Controllers - TUZ.MEGAZIRT.LOCAL
ADS Realm - MEGAZIRT.LOCAL
Template Shell - /bin/bash

Note that the 'Domain Controllers' field is given as TUZ.MEGAZIRT.LOCAL. In a production environment this should/might be better as a generic record on the DNS like dc.megazirt.local, so we can change servers around. Before leaving this screen, you can use the 'Join Domain' button. This is a bit useless if you ask me, because if the join fails the error flashes on the screen so quickly you'll probably miss it. I also find there are some changes that still need to be done in /etc/krb5.conf:

dns_lookup_realm = true
dns_lookup_kdc = true

In the krb5.conf file I deleted all the example domain stuff, though I don't think there is any problem with keeping it. Next up I reconfigured /etc/samba/smb.conf for the following...

winbind use default domain = true 

Finally, to get the client connected to the Domain run the command...

net join -w MEGAZIRT -S TUZ.MEGAZIRT.LOCAL -U Administrator

I've seen the command listed in guides without the -w and -S options, but they are used in the authconfig scripts, and sometimes the setup will work without them and end up missing group policies etc. even though logins work.
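A pre-join check for the settings configured above, as an added example that is not part of the original wiki page. It reads [global] in smb.conf and [libdefaults] in krb5.conf the way Samba treats parameter names (case and spacing ignored), so "winbind use default domain = yes" counts the same as "= true". The smb.conf parameter names assumed for the Setup fields (security, workgroup, realm, template shell), the [libdefaults] placement of the two krb5.conf lines, and all function names are this example's own.

```shell
# Added example (not from the original page). Sample file contents are constructed.
# get_param FILE SECTION NAME: print NAME's last value inside [SECTION]. Names
# ignore case and whitespace, as in smb.conf; '#' and ';' start comment lines.
get_param() {
    awk -v sect="$2" -v want="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { cur = $0; gsub(/\[|\]/, "", cur); cur = norm(cur); next }
        cur != norm(sect) || !(eq = index($0, "=")) { next }
        norm(substr($0, 1, eq - 1)) == norm(want) {
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }
    ' "$1"
}

# expect FILE SECTION NAME WANTED: case-insensitive compare. WANTED "on" accepts
# yes, true or 1 (boolean spellings assumed for both files).
expect() {
    got=$(get_param "$1" "$2" "$3" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$4" | tr '[:upper:]' '[:lower:]')
    case "$want:$got" in on:yes|on:true|on:1) return 0 ;; esac
    [ "$want" != on ] && [ "$want" = "$got" ] && return 0
    echo "CHECK FAILED: $1 [$2] $3 = '$got' (want $4)" >&2; return 1
}

# check_winbind_conf SMB_CONF KRB5_CONF: exit status = number of failed checks.
check_winbind_conf() {
    bad=0
    expect "$1" global security ads                    || bad=$((bad + 1))
    expect "$1" global workgroup MEGAZIRT              || bad=$((bad + 1))
    expect "$1" global realm MEGAZIRT.LOCAL            || bad=$((bad + 1))
    expect "$1" global "template shell" /bin/bash      || bad=$((bad + 1))
    expect "$1" global "winbind use default domain" on || bad=$((bad + 1))
    expect "$2" libdefaults dns_lookup_realm on        || bad=$((bad + 1))
    expect "$2" libdefaults dns_lookup_kdc on          || bad=$((bad + 1))
    return "$bad"
}

# write_sample DIR: constructed files using spellings a literal grep would miss.
write_sample() {
    printf '%s\n' '[global]' '  Security = ADS' '  workgroup = MEGAZIRT' \
        '  realm = MEGAZIRT.LOCAL' '  Template Shell = /bin/bash' \
        '; winbind use default domain = no' '  winbind use default domain = yes' \
        '[homes]' '  browseable = no' > "$1/smb.conf"
    printf '%s\n' '[libdefaults]' ' dns_lookup_realm = true' ' dns_lookup_kdc = true' > "$1/krb5.conf"
}
d=$(mktemp -d) && write_sample "$d" && check_winbind_conf "$d/smb.conf" "$d/krb5.conf" && echo "settings match"
```

On a real client, run check_winbind_conf /etc/samba/smb.conf /etc/krb5.conf before the net join step; a non-zero exit status is the number of settings that differ.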
