From 5130e1468e2028613a9f5369237db25b091fd548 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 31 Mar 2003 21:42:19 +0000 Subject: More doc updates: - Move information about compiling with ADS support to appendix about compiling - Make DOMAIN_MEMBER NT4-domain only (because current ADS info was incomplete and becoming an ADS domain member is documented more properly in ADS-HOWTO) (This used to be commit efe3dd876ac61af0abc46539369860216eeca79b) --- docs/docbook/projdoc/ADS-HOWTO.sgml | 76 ++++----------------------------- docs/docbook/projdoc/Compiling.sgml | 58 +++++++++++++++++++++++++ docs/docbook/projdoc/DOMAIN_MEMBER.sgml | 23 ++-------- 3 files changed, 71 insertions(+), 86 deletions(-) (limited to 'docs/docbook/projdoc') diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 887ecd74c2..a98fe14e31 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml 
@@ -14,67 +14,10 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again Windows2000 KDC. -Pieces you need before you begin: - - -a Windows 2000 server. -samba 3.0 or higher. -the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work. -the OpenLDAP development libraries. - - - - -Installing the required packages for Debian - -On Debian you need to install the following packages: - - -libkrb5-dev -krb5-user - - - - - -Installing the required packages for RedHat - -On RedHat this means you should have at least: - - -krb5-workstation (for kinit) -krb5-libs (for linking with) -krb5-devel (because you are compiling from source) - - - -in addition to the standard development environment. - -Note that these are not standard on a RedHat install, and you may need -to get them off CD2. - - - -Compile Samba -If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR. +Setup your <filename>smb.conf</filename> -After you run configure make sure that include/config.h it - generates contains - lines like this: - - -#define HAVE_KRB5 1 -#define HAVE_LDAP 1 - - -If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it. - -Then compile and install Samba as usual. You must use at least the - following 3 options in smb.conf: +You must use at least the following 3 options in smb.conf: realm = YOUR.KERBEROS.REALM 
@@ -93,13 +36,13 @@ In case samba can't figure out your ads server using your realm name, use the You do *not* need a smbpasswd file, and older clients will be authenticated as if "security = domain", although it won't do any harm and allows you to have local users not in the domain. - I expect that the above - required options will change soon when we get better active - directory integration. - + I expect that the above required options will change soon when we get better + active directory integration. + + -Setup your /etc/krb5.conf +Setup your <filename>/etc/krb5.conf</filename> The minimal configuration for krb5.conf is: @@ -187,12 +130,11 @@ specify the -k option to choose kerberos authentication. Notes -You must change administrator password at least once after DC install, - to create the right encoding types +You must change administrator password at least once after DC +install, to create the right encoding types w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in their defaults DNS setup. Maybe fixed in service packs? - diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index 49aafebec0..ac98f34a32 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml 
@@ -217,6 +217,64 @@ on this system just substitute the correct package name if you find this version a disaster! + + + Compiling samba with Active Directory support + + In order to compile samba with ADS support, you need to have installed + on your system: + + the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work. + the OpenLDAP development libraries. + + + If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR. + + After you run configure make sure that include/config.h it generates contains lines like this: + + +#define HAVE_KRB5 1 +#define HAVE_LDAP 1 + + + If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it. + + + Installing the required packages for Debian + + On Debian you need to install the following packages: + + + libkrb5-dev + krb5-user + + + + + + Installing the required packages for RedHat + + On RedHat this means you should have at least: + + + krb5-workstation (for kinit) + krb5-libs (for linking with) + krb5-devel (because you are compiling from source) + + + + in addition to the standard development environment. + + Note that these are not standard on a RedHat install, and you may need + to get them off CD2. + + + + + diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index b178bfd2c2..8ac3520384 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -45,9 +45,7 @@ security = line in the [global] section of your smb.conf to read: - security = domain or - security = ads depending on if the PDC is - NT4 or running Active Directory respectivly. + security = domain Next change the workgroup = line in the [global] section to read: 
@@ -86,7 +84,7 @@ In order to actually join the domain, you must run this command: - root# net join -S DOMPDC + root# net rpc join -S DOMPDC -UAdministrator%password as we are joining the domain DOM and the PDC for that domain @@ -123,19 +121,6 @@ clients to begin using domain security! - -Samba and Windows 2000 Domains - - - -Many people have asked regarding the state of Samba's ability to participate in -a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode. The steps above apply -to both NT4 and Windows 2000. - - - - Why is this better than security = server? @@ -178,11 +163,11 @@ to both NT4 and Windows 2000. reply, the Samba server gets the user identification information such as the user SID, the list of NT groups the user belongs to, etc. - NOTE: Much of the text of this document + Much of the text of this document was first published in the Web magazine LinuxWorld as the article Doing - the NIS/NT Samba. + the NIS/NT Samba. -- cgit
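Review bot: in docs/docbook/projdoc/ADS-HOWTO.sgml, hunk @@ -14,67 +14,10 @@, the HOWTO now starts at "Setup your smb.conf" without saying that the installed Samba must have been built with Kerberos and LDAP support, and nothing in the added lines points to the new "Compiling samba with Active Directory support" section in Compiling.sgml. The two prerequisites that are not build dependencies ("a Windows 2000 server", "samba 3.0 or higher") are removed here and do not reappear in the appendix. Suggest keeping those two items in the HOWTO and adding one sentence before the smb.conf section that refers the reader to the appendix, so that someone whose build lacks HAVE_KRB5 or HAVE_LDAP knows where to look.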
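Review bot: in docs/docbook/projdoc/Compiling.sgml, hunk @@ -217,6 +217,64 @@, the new section lists the OpenLDAP development libraries as required and tells the reader to check for "#define HAVE_LDAP 1", but neither the Debian nor the RedHat package list names an LDAP development package; both list Kerberos packages only. Suggest adding the LDAP package to each list, or saying explicitly that the lists cover Kerberos only. Minor wording point in the same hunk: "either install from the sources or use a package" lost its referent when "the above sources" became "the sources", so say which sources are meant or drop the clause.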
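Review bot: in docs/docbook/projdoc/DOMAIN_MEMBER.sgml, hunk @@ -45,9 +45,7 @@, dropping "security = ads" leaves a reader whose domain controller runs Active Directory with no indication of where to go, and the later hunk @@ -123,19 +121,6 @@ also removes the "Samba and Windows 2000 Domains" section that told them the steps applied. The commit message says ADS membership is documented in ADS-HOWTO, but the document text itself does not. Suggest a short sentence next to "security = domain" stating that this chapter covers NT4-style domains and referring to the ADS HOWTO for joining as an Active Directory member.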
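Review bot: in docs/docbook/projdoc/DOMAIN_MEMBER.sgml, hunk @@ -86,7 +84,7 @@, the new example "net rpc join -S DOMPDC -UAdministrator%password" puts the domain administrator password on the command line, where it is saved in shell history and can be visible to other local users in the process list. Readers copy documented commands literally, so suggest showing "-UAdministrator" on its own and noting that net prompts for the password when it is not given. The surrounding sentence ("as we are joining the domain DOM and the PDC for that domain ...") should also mention that an account with rights to join machines to the domain is now needed, since the old "net join -S DOMPDC" form took no credentials.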