The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Create an Administrator account on Samba:

edit smb.conf:

 # v3.5 and earlier
 passdb backend = tdbsam
 idmap backend = tdb
 idmap uid = 1000000-1999999
 idmap gid = 1000000-1999999

 # v3.6
 passdb backend = tdbsam
 idmap config * : range = 100000-200000

 smbpasswd -a <you>

 bin/winbindd

 net sam createbuiltingroup Administrators
 net sam addmem BUILTIN\\Administrators <you>

 bin/smbd

---

unlock account:

 pdbedit -c='[]' <you>

lock account:

 pdbedit -c='[L]' <you>

clear autolock:

 net sam set autolock asn no

Join the development machine to the domain:

edit /etc/krb5.conf [realms]

   KLATCH.DISCWORLD.SITE = {
       kdc = ephebe.klatch.discworld.site
       default_domain = KLATCH.DISCWORLD.SITE
   }

   RAMTOPS.DISCWORLD.SITE = {
       kdc = lancre.ramtops.discworld.site
       default_domain = RAMTOPS.DISCWORLD.SITE
   }

[domain_realm]

   .klatch.discworld.site = KLATCH.DISCWORLD.SITE
   klatch.discworld.site = KLATCH.DISCWORLD.SITE
   .ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE
   ramtops.discworld.site = RAMTOPS.DISCWORLD.SITE

edit /etc/samba/smb.conf [global]

   workgroup = KLATCH.DISCWORLD.SITE
   realm = KLATCH.DISCWORLD.SITE
   security = ADS

AD Stuff

Set kerberos ticket lifetime to 5 min

Goto 'Server Manager' -> Features -> Group Policy Management -> Domains -> YOUR DOMAIN -> Group Policy Objects

Right click on "Default Domain Policy" -> Edit

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Kerberos Policy

Anonymous

Search

Testing Setups

Namespaces

More

Page actions

AD Stuff

Set kerberos ticket lifetime to 5 min

Navigation

Navigation

Wiki tools

Wiki tools

Anonymous

Search

Testing Setups

AD Stuff

Set kerberos ticket lifetime to 5 min

Navigation

Wiki tools

Page tools