Testing Setups: Difference between revisions

From SambaWiki
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:


edit smb.conf:
edit smb.conf:
# v3.5 and earlier
passdb backend = tdbsam
passdb backend = tdbsam
idmap backend = tdb
idmap backend = tdb
idmap uid = 1000000-1999999
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
idmap gid = 1000000-1999999

# v3.6
passdb backend = tdbsam
idmap config * : range = 100000-200000


smbpasswd -a <you>
smbpasswd -a <you>
Line 54: Line 59:
realm = KLATCH.DISCWORLD.SITE
realm = KLATCH.DISCWORLD.SITE
security = ADS
security = ADS

= AD Stuff =

== Set kerberos ticket lifetime to 5 min ==

Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects

Right click on "Default Domain Policy" -> Edit

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy

Latest revision as of 16:51, 21 November 2011

Create an Administrator account on Samba:

edit smb.conf:

 # v3.5 and earlier
 passdb backend = tdbsam
 idmap backend = tdb
 idmap uid = 1000000-1999999
 idmap gid = 1000000-1999999
 # v3.6
 passdb backend = tdbsam
 idmap config * : range = 100000-200000
 smbpasswd -a <you>
 bin/winbindd
 net sam createbuiltingroup Administrators
 net sam addmem BUILTIN\\Administrators <you>
 bin/smbd

---

unlock account:

 pdbedit -c='[]' <you>

lock account:

 pdbedit -c='[L]' <you>

clear autolock:

 net sam set autolock asn no

Join the development machine to the domain:

edit /etc/krb5.conf [realms]

   KLATCH.DISCWORLD.SITE = {
       kdc = ephebe.klatch.discworld.site
       default_domain = KLATCH.DISCWORLD.SITE
   }
   RAMTOPS.DISCWORLD.SITE = {
       kdc = lancre.ramtops.discworld.site
       default_domain = RAMTOPS.DISCWORLD.SITE
   }

[domain_realm]

   .klatch.discworld.site = KLATCH.DISCWORLD.SITE
   klatch.discworld.site = KLATCH.DISCWORLD.SITE
   .ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE
   ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE

edit /etc/samba/smb.conf [global]

   workgroup = KLATCH.DISCWORLD.SITE
   realm = KLATCH.DISCWORLD.SITE
   security = ADS

AD Stuff

Set kerberos ticket lifetime to 5 min

Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects

Right click on "Default Domain Policy" -> Edit

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy