Testing Setups: Difference between revisions
From SambaWiki
No edit summary |
No edit summary |
||
Line 59: | Line 59: | ||
realm = KLATCH.DISCWORLD.SITE |
realm = KLATCH.DISCWORLD.SITE |
||
security = ADS |
security = ADS |
||
= AD Stuff = |
|||
== Set kerberos ticket lifetime to 5 min == |
|||
Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects |
|||
Right click on "Default Domain Policy" -> Edit |
|||
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy |
Latest revision as of 16:51, 21 November 2011
Create an Administrator account on Samba:
edit smb.conf:
# v3.5 and earlier passdb backend = tdbsam idmap backend = tdb idmap uid = 1000000-1999999 idmap gid = 1000000-1999999
# v3.6 passdb backend = tdbsam idmap config * : range = 100000-200000
smbpasswd -a <you>
bin/winbindd
net sam createbuiltingroup Administrators net sam addmem BUILTIN\\Administrators <you>
bin/smbd
---
unlock account:
pdbedit -c='[]' <you>
lock account:
pdbedit -c='[L]' <you>
clear autolock:
net sam set autolock asn no
Join the development machine to the domain:
edit /etc/krb5.conf [realms]
KLATCH.DISCWORLD.SITE = { kdc = ephebe.klatch.discworld.site default_domain = KLATCH.DISCWORLD.SITE }
RAMTOPS.DISCWORLD.SITE = { kdc = lancre.ramtops.discworld.site default_domain = RAMTOPS.DISCWORLD.SITE }
[domain_realm]
.klatch.discworld.site = KLATCH.DISCWORLD.SITE klatch.discworld.site = KLATCH.DISCWORLD.SITE .ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE
edit /etc/samba/smb.conf [global]
workgroup = KLATCH.DISCWORLD.SITE realm = KLATCH.DISCWORLD.SITE security = ADS
AD Stuff
Set kerberos ticket lifetime to 5 min
Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects
Right click on "Default Domain Policy" -> Edit
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy