...

  1. Install Samba. This service is required to communicate with Active Directory.

    [root@eduroam-idp /root]# yum install -y samba4 samba4-winbind samba4-client samba4-winbind-clients
  2. Edit your Samba configuration (/etc/samba/smb.conf).

    # Change this to your workgroup
    workgroup = USM
    security = ads
    # Change to your DC
    password server = myadserver.usm.my
    # Change to your realm
    realm = USM.MY
    
  3. Edit your Kerberos configuration (/etc/krb5.conf).

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    
    
    [libdefaults]
     # Change to your realm
     default_realm = USM.MY
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
    
    [realms]
     USM.MY = {
      # Change both entries to your DC
      kdc = mypdc-server.usm.my:88
      admin_server = mypdc-server.usm.my:749
     }
    
    [domain_realm]
     # Change both entries to your realm
     .usm.my = USM.MY
     usm.my = USM.MY
    
  4. Edit your nsswitch configuration (/etc/nsswitch.conf).

    passwd:     files winbind
    shadow:     files winbind
    group:      files winbind
    protocols:  files winbind
    services:   files winbind
    netgroup:   nisplus winbind
    automount:  files nisplus winbind
    
  5. Enable your service on boot.

    chkconfig smb on
    chkconfig nmb on
    chkconfig winbind on
    
  6. Restart the Samba services.

    service smb restart
    service nmb restart
    service winbind restart
    
  7. Reboot your machine.

  8. Join the domain. The account must be a member of Domain Admins.

    [root@eduroam-idp /root]# net ads join -U eduroamad@usm.my
    
  9. Test ntlm_auth.

    [root@eduroam-idp /root]# ntlm_auth --request-nt-key --domain=usm.my --username=nfaizal
    

     

  10. If you receive the above message, you are done with Samba.
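
The settings from steps 2 to 4 have to agree with each other for the join in step 8 and the ntlm_auth test in step 9 to work, so they can be checked first. The script below is an added example, not part of the original page; the function names `conf_get` and `check_ad_config` are made up for illustration, and it only reads the three files.

```shell
#!/bin/sh
# Added example (not from the original page): consistency check for the
# files edited in steps 2-4, meant to be run before "net ads join".

# conf_get FILE KEY: print the value of "KEY = value" (last match wins).
# Lines starting with # or ; are comments in smb.conf and krb5.conf.
conf_get() {
    awk -v k="$2" -F= '
        /^[ \t]*[#;]/ || !/=/ { next }
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) {
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
        }
        END { print v }' "$1"
}

# check_ad_config SMB_CONF KRB5_CONF NSSWITCH_CONF
# Prints one line per problem; returns 0 only if nothing was found.
check_ad_config() (
    smb=$1 krb=$2 nss=$3 rc=0
    sec=$(conf_get "$smb" security | tr 'A-Z' 'a-z')
    realm=$(conf_get "$smb" realm)
    krealm=$(conf_get "$krb" default_realm)

    [ "$sec" = "ads" ] ||
        { echo "smb.conf: security is '$sec', expected 'ads'"; rc=1; }
    [ -n "$realm" ] || { echo "smb.conf: realm is not set"; rc=1; }
    [ "$realm" = "$krealm" ] ||
        { echo "realm mismatch: smb.conf='$realm' krb5.conf='$krealm'"; rc=1; }
    grep -Eq "^[[:space:]]*${krealm}[[:space:]]*=[[:space:]]*\{" "$krb" ||
        { echo "krb5.conf: no [realms] entry for '$krealm'"; rc=1; }
    # A trailing "<---- Change this" marker is not a comment in either file;
    # it would be read as part of the value.
    if grep -n '<-' "$smb" "$krb"; then rc=1; fi
    for db in passwd group; do
        grep -Eq "^${db}:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
            { echo "nsswitch.conf: '$db' does not list winbind"; rc=1; }
    done
    [ "$rc" -eq 0 ]
)

# With three file arguments, check those files; with none, define functions only.
if [ "$#" -eq 3 ]; then
    check_ad_config "$1" "$2" "$3"
fi
```

Called with /etc/samba/smb.conf, /etc/krb5.conf and /etc/nsswitch.conf as its three arguments, it prints nothing and exits with status 0 when the files agree.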

...