  1. Install Samba. This service is required to communicate with Active Directory.

    Code Block
    [root@eduroam-idp /root]# yum install -y samba4 samba4-winbind samba4-client samba4-winbind-clients
  2. Edit your Samba configuration (/etc/samba/smb.conf).

    Code Block
    [global]
        # Change to your domain's short name
        workgroup = USM
        security = ads
        # Change to your DC
        password server = *
        # Change to your realm
        realm = USM.MY
  3. Edit your Kerberos configuration (/etc/krb5.conf).

    Code Block
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
     # Change to your realm
     default_realm = USM.MY
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true

    [realms]
     # Change the realm name, and set kdc and admin_server to your DC
     USM.MY = {
      kdc = <your-DC>
      admin_server = <your-DC>
     }

    [domain_realm]
     # Map your DNS domain (left) to your realm (right); change both
     .<your-dns-domain> = USM.MY
     <your-dns-domain> = USM.MY
  4. Edit your nsswitch configuration (/etc/nsswitch.conf).

    Code Block
    passwd:     files winbind
    shadow:     files winbind
    group:      files winbind
    protocols:  files winbind
    services:   files winbind
    netgroup:   nisplus winbind
    automount:  files nisplus winbind
  5. Enable the services at boot.

    Code Block
    chkconfig smb on
    chkconfig nmb on
    chkconfig winbind on
  6. Restart samba services.

    Code Block
    service smb restart
    service nmb restart
    service winbind restart
  7. Reboot your machine.

  8. Join the domain. The account used must be a member of Domain Admins.

    Code Block
    [root@eduroam-idp /root]# net ads join -U <domain-admin-account>
  9. Test ntlm_auth.

    Code Block
    [root@eduroam-idp /root]# ntlm_auth --request-nt-key --username=nfaizal


  10. If you receive the above message, you are done with Samba.
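
The script below is an added example, not part of the original page: it cross-checks the files edited in steps 2 to 4 before the join in step 8, since Kerberos realm names are case-sensitive and must agree between smb.conf and krb5.conf. The function names, the hostname `dc.example` and the temporary sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: offline consistency check for the files edited in steps 2-4.

# conf_get FILE KEY: print the first "KEY = value" value found in FILE.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_ad_config SMB_CONF KRB5_CONF NSSWITCH_CONF: print findings, return 1 if any.
check_ad_config() {
    rc=0
    realm=$(conf_get "$1" realm)
    krb_realm=$(conf_get "$2" default_realm)
    [ "$(conf_get "$1" security | tr 'A-Z' 'a-z')" = "ads" ] ||
        { echo "smb.conf: security is not 'ads'"; rc=1; }
    [ -n "$realm" ] || { echo "smb.conf: realm is not set"; rc=1; }
    # Kerberos realm names are case-sensitive and AD realms are upper case.
    [ "$realm" = "$(printf '%s' "$realm" | tr 'a-z' 'A-Z')" ] ||
        { echo "smb.conf: realm '$realm' is not upper case"; rc=1; }
    [ "$realm" = "$krb_realm" ] ||
        { echo "realm mismatch: smb.conf '$realm' vs krb5.conf '$krb_realm'"; rc=1; }
    # default_realm needs a matching stanza under [realms].
    grep -Eq "^[[:space:]]*$krb_realm[[:space:]]*=[[:space:]]*\{" "$2" ||
        { echo "krb5.conf: no [realms] stanza for '$krb_realm'"; rc=1; }
    # winbind must be consulted for users and groups.
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$3" ||
            { echo "nsswitch.conf: '$db' does not list winbind"; rc=1; }
    done
    return $rc
}

# write_sample DIR SMB_REALM: constructed sample files (not real site config).
write_sample() {
    printf '[global]\n workgroup = USM\n security = ads\n realm = %s\n' "$2" > "$1/smb.conf"
    printf '[libdefaults]\n default_realm = USM.MY\n[realms]\n USM.MY = {\n  kdc = dc.example\n }\n' > "$1/krb5.conf"
    printf 'passwd:     files winbind\ngroup:      files winbind\n' > "$1/nsswitch.conf"
}

# Demo: a lower-case realm in smb.conf yields two findings (case and mismatch).
demo_dir=$(mktemp -d)
write_sample "$demo_dir" usm.my
check_ad_config "$demo_dir/smb.conf" "$demo_dir/krb5.conf" "$demo_dir/nsswitch.conf" || true
rm -rf "$demo_dir"
```

On the server itself, call `check_ad_config /etc/samba/smb.conf /etc/krb5.conf /etc/nsswitch.conf` after step 4; no output and a zero exit status mean the three files agree.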