Difference between revisions of "Testing Setups"

 
Line 59: Line 59:
 
     realm = KLATCH.DISCWORLD.SITE
 
     realm = KLATCH.DISCWORLD.SITE
 
     security = ADS
 
     security = ADS
 +
 +
= AD Stuff =
 +
 +
== Set kerberos ticket lifetime to 5 min ==
 +
 +
Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects
 +
 +
Right click on "Default Domain Policy" -> Edit
 +
 +
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy

Latest revision as of 16:51, 21 November 2011

Create an Administrator account on Samba:

edit smb.conf:

 # v3.5 and earlier
 passdb backend = tdbsam
 idmap backend = tdb
 idmap uid = 1000000-1999999
 idmap gid = 1000000-1999999
 # v3.6
 passdb backend = tdbsam
 idmap config * : range = 100000-200000
 smbpasswd -a <you>
 bin/winbindd
 net sam createbuiltingroup Administrators
 net sam addmem BUILTIN\\Administrators <you>
 bin/smbd

---

unlock account:

 pdbedit -c='[]' <you>

lock account:

 pdbedit -c='[L]' <you>

clear autolock:

 net sam set autolock asn no

Join the development machine to the domain:

edit /etc/krb5.conf [realms]

   KLATCH.DISCWORLD.SITE = {
       kdc = ephebe.klatch.discworld.site
       default_domain = KLATCH.DISCWORLD.SITE
   }
   RAMTOPS.DISCWORLD.SITE = {
       kdc = lancre.ramtops.discworld.site
       default_domain = RAMTOPS.DISCWORLD.SITE
   }

[domain_realm]

   .klatch.discworld.site = KLATCH.DISCWORLD.SITE
   klatch.discworld.site = KLATCH.DISCWORLD.SITE
   .ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE
   ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE

edit /etc/samba/smb.conf [global]

   workgroup = KLATCH.DISCWORLD.SITE
   realm = KLATCH.DISCWORLD.SITE
   security = ADS

AD Stuff

Set kerberos ticket lifetime to 5 min

Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects

Right click on "Default Domain Policy" -> Edit

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy