Nazaretyan's blog blog about everything ….

26 Oct 09

Lesson 1. Samba and AD

Once Samba has been installed on your system, you should edit the smb.conf file, and configure the [global] section to point to your NT server, including hostname and NT domain.

# workgroup = NT-Domain-Name
workgroup = MYDOMAIN
...
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = ads
# With security = ads, password server names the domain controller to use
password server = nt-server-hostname.company.com
...
realm = realm.company.com

You will also have to edit the /etc/krb5.conf file to add an entry that points to the Active Directory server:

[realms]
...
realm.company.com = {
    kdc = nt-server-hostname.company.com
}
...

Start the Samba and Kerberos servers, and as root join the domain:

$ net join -U Administrator

Enter the administrator password at the prompt.

Next, verify that a user in the domain can be authenticated:

$ wbinfo -a user%password

You should see a number of lines of text, followed by authentication succeeded. The next step is to try the same login with the ntlm_auth program, which is what FreeRADIUS will be using:

$ ntlm_auth --request-nt-key --domain=MYDOMAIN --username=user --password=password

If all goes well, you should see authentication succeeding (NT_STATUS_OK). You should also see the NT_KEY output, which is needed in order for FreeRADIUS to perform MS-CHAP authentication.
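
The join and the ntlm_auth test both depend on smb.conf and krb5.conf agreeing on the realm and the domain controller. The script below is an added example, not part of the original post; its function names are hypothetical, and it assumes a single host in password server and one krb5.conf setting per line.

```shell
# Added example: check that smb.conf and krb5.conf agree before the join.

# smb_global FILE KEY: print KEY's value from the [global] section.
smb_global() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == want) { print v; exit }
        }' "$1"
}

# krb5_kdcs FILE REALM: print each kdc host listed for REALM in [realms].
# Realm names are case-sensitive, so the comparison is exact. Assumes one
# setting per line, as in the krb5.conf fragment above.
krb5_kdcs() {
    awk -v realm="$2" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { r = ($0 ~ /^[ \t]*\[realms\]/); b = 0; next }
        !r          { next }
        /[{]/       { n = $0; sub(/[ \t]*=.*/, "", n); sub(/^[ \t]+/, "", n)
                      b = (n == realm); next }
        /[}]/       { b = 0; next }
        b && /^[ \t]*kdc[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            sub(/:[0-9]+$/, "", v); print v      # drop an optional :port
        }' "$1"
}

# check_ad_config SMB_CONF KRB5_CONF: print one line per problem found;
# return 0 only when the two files are consistent.
check_ad_config() {
    rc=0
    sec=$(smb_global "$1" "security" | tr 'A-Z' 'a-z')
    realm=$(smb_global "$1" "realm")
    pws=$(smb_global "$1" "password server")
    [ "$sec" = "ads" ] || { echo "security = '$sec', expected ads"; rc=1; }
    [ -n "$realm" ] || { echo "no realm in [global]"; return 1; }
    kdcs=$(krb5_kdcs "$2" "$realm")
    [ -n "$kdcs" ] || { echo "no kdc for realm '$realm' in [realms]"; return 1; }
    if [ -n "$pws" ] && ! printf '%s\n' "$kdcs" | grep -qixF "$pws"; then
        echo "password server '$pws' is not a kdc of $realm"; rc=1
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then check_ad_config "$1" "$2"; fi
```

Run it with the paths of the two files as arguments; no output and exit status 0 mean the realm and domain controller match.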
