summaryrefslogtreecommitdiff
path: root/docs/docbook/projdoc/ADS-HOWTO.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/projdoc/ADS-HOWTO.sgml')
-rw-r--r--docs/docbook/projdoc/ADS-HOWTO.sgml76
1 files changed, 67 insertions, 9 deletions
diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml
index a98fe14e31..887ecd74c2 100644
--- a/docs/docbook/projdoc/ADS-HOWTO.sgml
+++ b/docs/docbook/projdoc/ADS-HOWTO.sgml
@@ -14,10 +14,67 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again
Windows2000 KDC.
</para>
+<para>Pieces you need before you begin:</para>
+<para>
+<simplelist>
+<member>a Windows 2000 server.</member>
+<member>samba 3.0 or higher.</member>
+<member>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</member>
+<member>the OpenLDAP development libraries.</member>
+</simplelist>
+</para>
+
+<sect1>
+<title>Installing the required packages for Debian</title>
+
+<para>On Debian you need to install the following packages:</para>
+<para>
+<simplelist>
+<member>libkrb5-dev</member>
+<member>krb5-user</member>
+</simplelist>
+</para>
+</sect1>
+
+<sect1>
+<title>Installing the required packages for RedHat</title>
+
+<para>On RedHat this means you should have at least: </para>
+<para>
+<simplelist>
+<member>krb5-workstation (for kinit)</member>
+<member>krb5-libs (for linking with)</member>
+<member>krb5-devel (because you are compiling from source)</member>
+</simplelist>
+</para>
+
+<para>in addition to the standard development environment.</para>
+
+<para>Note that these are not standard on a RedHat install, and you may need
+to get them off CD2.</para>
+
+</sect1>
+
<sect1>
-<title>Setup your <filename>smb.conf</filename></title>
+<title>Compile Samba</title>
+<para>If your kerberos libraries are in a non-standard location then
+ remember to add the configure option --with-krb5=DIR.</para>
-<para>You must use at least the following 3 options in smb.conf:</para>
+<para>After you run configure make sure that include/config.h it
+ generates contains
+ lines like this:</para>
+
+<para><programlisting>
+#define HAVE_KRB5 1
+#define HAVE_LDAP 1
+</programlisting></para>
+
+<para>If it doesn't then configure did not find your krb5 libraries or
+ your ldap libraries. Look in config.log to figure out why and fix
+ it.</para>
+
+<para>Then compile and install Samba as usual. You must use at least the
+ following 3 options in smb.conf:</para>
<para><programlisting>
realm = YOUR.KERBEROS.REALM
@@ -36,13 +93,13 @@ In case samba can't figure out your ads server using your realm name, use the
<para>You do *not* need a smbpasswd file, and older clients will
be authenticated as if "security = domain", although it won't do any harm
and allows you to have local users not in the domain.
- I expect that the above required options will change soon when we get better
- active directory integration.</para>
-
+ I expect that the above
+ required options will change soon when we get better active
+ directory integration.</para>
</sect1>
-
+
<sect1>
-<title>Setup your <filename>/etc/krb5.conf</filename></title>
+<title>Setup your /etc/krb5.conf</title>
<para>The minimal configuration for krb5.conf is:</para>
@@ -130,11 +187,12 @@ specify the -k option to choose kerberos authentication.
<sect1>
<title>Notes</title>
-<para>You must change administrator password at least once after DC
-install, to create the right encoding types</para>
+<para>You must change administrator password at least once after DC install,
+ to create the right encoding types</para>
<para>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in
their defaults DNS setup. Maybe fixed in service packs?</para>
+
</sect1>
</chapter>