Difference between revisions of "Testing Setups"

 
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
 
edit smb.conf:
 
edit smb.conf:
passdb backend = tdbsam
+
  # v3.5 and earlier
idmap backend = tdb
+
  passdb backend = tdbsam
idmap uid = 1000000-1999999
+
  idmap backend = tdb
idmap gid = 1000000-1999999
+
  idmap uid = 1000000-1999999
 +
  idmap gid = 1000000-1999999
  
smbpasswd -a <you>
+
  # v3.6
 +
  passdb backend = tdbsam
 +
  idmap config * : range = 100000-200000
  
bin/winbindd
+
  smbpasswd -a <you>
  
net sam createbuiltingroup Administrators
+
  bin/winbindd
net sam addmem BUILTIN\\Administrators <you>
 
  
bin/smbd
+
  net sam createbuiltingroup Administrators
 +
  net sam addmem BUILTIN\\Administrators <you>
 +
 
 +
  bin/smbd
  
 
---
 
---
  
 
unlock account:
 
unlock account:
pdbedit -c='[]' <you>
+
  pdbedit -c='[]' <you>
  
 
lock account:
 
lock account:
pdbedit -c='[L]' <you>
+
  pdbedit -c='[L]' <you>
  
 
clear autolock:
 
clear autolock:
net sam set autolock asn no
+
  net sam set autolock asn no
  
 
-------------------------------------------------------------
 
-------------------------------------------------------------
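Review bot: The added v3.6 line `idmap config * : range = 100000-200000` uses a range ten times lower than the `1000000-1999999` uid/gid range kept for "v3.5 and earlier". If the two are meant to match, this looks like a dropped digit; if not, a comment should say why. The hunk also gives the smb.conf settings and the shell commands (`smbpasswd`, `bin/winbindd`, `net sam`, `bin/smbd`) the same leading-space formatting, so a short label such as "then run:" between them would show where the config file ends and the commands begin.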
Line 54: Line 59:
 
     realm = KLATCH.DISCWORLD.SITE
 
     realm = KLATCH.DISCWORLD.SITE
 
     security = ADS
 
     security = ADS
 +
 +
= AD Stuff =
 +
 +
== Set kerberos ticket lifetime to 5 min ==
 +
 +
Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects
 +
 +
Right click on "Default Domain Policy" -> Edit
 +
 +
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy
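Review bot: The new "Set kerberos ticket lifetime to 5 min" section stops at the Kerberos Policy node without saying which setting to change or what value to enter, so the steps never reach the 5 min in the heading. Add that final step. Because the steps edit "Default Domain Policy", it is also worth stating that this is meant for a test domain.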

Latest revision as of 16:51, 21 November 2011

Create an Administrator account on Samba:

Edit smb.conf:

 # v3.5 and earlier
 passdb backend = tdbsam
 idmap backend = tdb
 idmap uid = 1000000-1999999
 idmap gid = 1000000-1999999

 # v3.6
 passdb backend = tdbsam
 idmap config * : range = 100000-200000

Then add your user, start winbindd, create the builtin Administrators group with your user as a member, and start smbd:

 smbpasswd -a <you>
 bin/winbindd
 net sam createbuiltingroup Administrators
 net sam addmem BUILTIN\\Administrators <you>
 bin/smbd

---

Unlock account:

 pdbedit -c='[]' <you>

Lock account:

 pdbedit -c='[L]' <you>

Clear autolock:

 net sam set autolock asn no

Join the development machine to the domain:

Edit /etc/krb5.conf [realms]:

   KLATCH.DISCWORLD.SITE = {
       kdc = ephebe.klatch.discworld.site
       default_domain = KLATCH.DISCWORLD.SITE
   }
   RAMTOPS.DISCWORLD.SITE = {
       kdc = lancre.ramtops.discworld.site
       default_domain = RAMTOPS.DISCWORLD.SITE
   }

[domain_realm]

   .klatch.discworld.site = KLATCH.DISCWORLD.SITE
   klatch.discworld.site = KLATCH.DISCWORLD.SITE
   .ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE
   ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE

Edit /etc/samba/smb.conf [global]:

   workgroup = KLATCH.DISCWORLD.SITE
   realm = KLATCH.DISCWORLD.SITE
   security = ADS
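
A consistency check for the two files edited above, as an added example that is not part of the original wiki page: it parses the [realms] and [domain_realm] sections of krb5.conf and confirms that every mapped realm has a stanza with a kdc and that the smb.conf realm is one of them. The function names and the embedded sample text (a constructed, shortened copy of the page's fragments) are assumptions for illustration; realm names are compared case-sensitively and the smb.conf lookup is not restricted to [global].

```python
import re

# Constructed sample input, shortened from the page's krb5.conf and smb.conf fragments.
KRB5 = """[realms]
   KLATCH.DISCWORLD.SITE = {
       kdc = ephebe.klatch.discworld.site
       default_domain = KLATCH.DISCWORLD.SITE
   }
   RAMTOPS.DISCWORLD.SITE = {
       kdc = lancre.ramtops.discworld.site
       default_domain = RAMTOPS.DISCWORLD.SITE
   }
[domain_realm]
   .klatch.discworld.site = KLATCH.DISCWORLD.SITE
   .ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE
"""
SMB = "[global]\n   realm = KLATCH.DISCWORLD.SITE\n   security = ADS\n"

def parse_krb5(text):
    """Return ({realm: {option: value}}, {dns_domain: realm}) from krb5.conf text."""
    realms, domain_realm, section, current = {}, {}, None, None
    for raw in text.splitlines():
        # Whole-line comments start with '#' or ';' and are ignored.
        line = "" if raw.lstrip().startswith(("#", ";")) else raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif line == "}":
            current = None                              # close the realm stanza
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "realms" and value == "{":
                current = realms.setdefault(key, {})    # open a realm stanza
            elif section == "realms" and current is not None:
                current[key] = value
            elif section == "domain_realm":
                domain_realm[key] = value
    return realms, domain_realm

def check(krb5_text, smb_text):
    """List inconsistencies between krb5.conf and the realm set in smb.conf."""
    realms, domain_realm = parse_krb5(krb5_text)
    problems = [f"realm {r} has no kdc" for r, o in realms.items() if "kdc" not in o]
    problems += [f"{d} maps to undefined realm {r}"
                 for d, r in domain_realm.items() if r not in realms]
    m = re.search(r"^\s*realm\s*=\s*(\S+)", smb_text, re.M)
    if m is None or m.group(1) not in realms:
        problems.append("smb.conf realm is not defined in krb5.conf [realms]")
    return problems
```

An empty list from `check(KRB5, SMB)` means the realm in smb.conf, the [realms] stanzas and the [domain_realm] mappings agree.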

AD Stuff

Set Kerberos ticket lifetime to 5 min

Go to 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects

Right click on "Default Domain Policy" -> Edit

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy