Add a Samba server to Windows Server 2003 Active Directory
----------------------------------------------------------
2008-01-03

Purpose: To add your Samba server to your W2K3 AD.  This is useful for cases like:
http://www.turnpike420.net/linux/Samba_PDF_printing.txt
However, this document does not yet cover how to use AD credentials to allow
access to Samba shares.

You will need Samba 3.0.9-1.3E.2 or greater, packages are:
samba, samba-client and samba-common

Use YUM or up2date.  On CentOS/RHEL 4, installing these packages will ensure
you have the proper Kerberos packages required.

These notes are based on:
http://kbase.redhat.com/faq/FAQ_45_5787.shtm

1. Log on to LINUXHOSTNAME as root

2. Edit /etc/krb5.conf
   vi /etc/krb5.conf
   !Keep case UPPER where UPPER and lower where lower!
---BEGIN---
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 EXAMPLE.COM = {
  kdc = w2k3dchostname.example.com:88
  admin_server = w2k3dchostname.example.com:749
  default_domain = example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
----END----

3. Edit /etc/samba/smb.conf (add these lines)
---BEGIN---
[global]
   security = ADS
   workgroup = EXAMPLE
   realm = W2K3DCHOSTNAME.EXAMPLE.COM
# IF w2k3, you may also need these 2 lines
# (client use spnego = no turns off SPNEGO negotiation for the Samba client tools;
#  server signing = auto offers SMB signing but does not require it)
   client use spnego = no
   server signing = auto
----END----

4. Stop Samba and Winbind services
   service smb stop
   service winbind stop

5. Join the domain!
   net ads join -U Administrator

   You should get this result:
   Using short domain name -- EXAMPLE
   Joined 'LINUXHOSTNAME' to realm 'W2K3DCHOSTNAME.EXAMPLE.COM'

NOTE: In the case of only using Samba for a PDF printer, you should edit smb.conf:
   security = user
#  security = ADS
With security = ADS the PDF printer and other Samba shares which are not set up
to use AD for credentials will fail!!  I plan to learn how to fix this later.
Be sure you restart Samba after you change security back to user!
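
A check for the "keep case" rule in step 2, as an added example (not part of
the original notes or the Red Hat article): it parses a krb5.conf and reports a
default_realm that is not upper case, [domain_realm] keys that are not lower
case, and realm names that are referenced but never defined in [realms].  The
function names and the sample text are made up for this illustration.

```python
# Constructed sample: the krb5.conf from step 2, trimmed, with two case mistakes added.
SAMPLE_BAD = """\
[libdefaults]
 default_realm = example.com
[realms]
 EXAMPLE.COM = {
  kdc = w2k3dchostname.example.com:88
 }
[domain_realm]
 .example.com = EXAMPLE.COM
 Example.com = EXAMPLE.COM
"""

def parse_krb5(text):
    """Return (top-level key/value pairs per section, realm names in [realms])."""
    sections, realms, section, depth = {}, [], None, 0
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("["):                 # section header such as [realms]
            section, depth = line.strip("[]"), 0
            sections.setdefault(section, {})
        elif line == "}":                        # end of a nested block
            depth -= 1
        else:
            key, _, value = map(str.strip, line.partition("="))
            if value == "{":                     # start of a nested block
                if section == "realms" and depth == 0:
                    realms.append(key)
                depth += 1
            elif depth == 0 and section:
                sections[section][key] = value
    return sections, realms

def lint(text):
    """Apply the case rule from step 2 and check that referenced realms are defined."""
    sections, realms = parse_krb5(text)
    problems = []
    default = sections.get("libdefaults", {}).get("default_realm", "")
    if default != default.upper():
        problems.append(f"default_realm '{default}' is not upper case")
    if default not in realms:
        problems.append(f"default_realm '{default}' has no entry in [realms]")
    for domain, realm in sections.get("domain_realm", {}).items():
        if domain != domain.lower():
            problems.append(f"[domain_realm] key '{domain}' is not lower case")
        if realm not in realms:
            problems.append(f"[domain_realm] maps '{domain}' to undefined realm '{realm}'")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_BAD)) or "krb5.conf passes")
```

To check the real file before step 5, pass the contents of /etc/krb5.conf to
lint() instead of the sample.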