First, make sure kerberos is installed:
# rpm -qa | grep krb
this should return at least 3 packages: krb5-devel, krb5-libs and krb5-workstation
Next, make sure the ldap development libraries are installed:
# rpm -qa | grep ldap-devel
If either of these returns nothing, you'll need to install them - which you can do from the Redhat CD.
make sure there's an entry for your active directory DC in your /etc/hosts file:
1.2.3.4 addc.example.com addc
Next, edit your /etc/krb5.conf to match your site. Everything should be fairly self-explanitory - and everything is case sensitive. Do not comment this file.
Once you've gotten to this point, you can try:
# /usr/kerberos/bin/kinit user@DOMAIN.COM
replacing *user* with a real user and DOMAIN.COM with a real domain (which must be UPPERCASE). If things are working, you'll be prompted for a password. If you enter the correct password, you'll come back to a bash shell, if not, you should be presented with:
"kinit(v5): Preauthentication failed while getting initial credentials"
or some such.
Note: If the clock time on the Linux machine is more than 5 minutes off from the time on the windows machine no ticket information will work. There are three wys to deal with this:
1. Have the Linux server act as a network time server, with the windows machine as a client
2. Have the windows machine act as a time server for the Linux client
3. Make both systems pull the time from the same 3rd server ( some are listed here - http://ntp.isc.org/bin/view/Servers/NTPPoolServers )
Next, uninstall samba if it's installed:
# rpm -e samba
get the latest version of samba:
$ wget "http://us1.samba.org/samba/ftp/samba-latest.tar.gz" things to do
{
01.$ tar -zxvf samba*.tar.gz
02.
03.$ CD samba-3.0.13
04.
05.$ ./configure --prefix=/usr/local/samba --with-ldap --with-ads --with-krb5 --with-pam --with-winbind
06.
07.# make && make install }
In your smb.conf:
netbios name = LINUX_SERVER_NAME
realm = DOMAIN.COM
ads server = 123.123.123.123
security = ADS
encrypt passwords = yes
start samba:
# /etc/RC.d/init.d/smb start
To add the Linux computer to the AD, you need to log into the DC and add it as a user with such privledges, so (from the Linux system):
# /usr/local/samba/bin/net ads join -U Administrator
it should prompt you for Administrator's password. Note that Administrator should be a user with the right to add a computer to the AD.
you should see something like:
Joined 'LINUX_MACHINE_NAME' to realm 'DOMAIN.COM'
To verify this worked, go to the windows DC and open Active Directory->Users and Computers and look for your Linux machine to be listed there.
That's all you absolutely need to connect to the AD. If you want to map users to the AD (which is probably why you're doing this), open /etc/nsswitch.conf and change this:
passwd: files
shadow: files
group: files
to this:
passwd: compat winbind
shadow: compat
group: compat winbind
start the winbind daemon:
# winbindd
make sure it's running:
# PS -ae | grep winbindd
if nothing gets returned, you probably didn't configure samba with kerberos and ldap support. If it shows winbindd running, you're all set. To make sure everything starts on reboot:
open /etc/RC.d/init.d/smb and /etc/RC.d/init.d/winbindd and make sure the line:
# chkconfig: 345 NN NN
exixts (NN will be different numbers pertaining to priority), it should be on line 3 of both files. if these lines don't exist, add them. If they read:
# chkconfig: - NN NN
change the - to 345
save and close those files and run chkconfig:
# chkconfig smb reset
# chkconfig winbindd reset
you can check the runlevels they will start at with
# chkconfig smb --list
# chkconfig winbindd --list
in your smb.conf [global] section: (for name resolution)
Code:
wins support = Yes
name resolve order = wins lmhosts hosts bcast
wins server = wins_server_ip_address
01. wins support = Yes
02. name resolve order = wins lmhosts hosts bcast
03. wins server = wins_server_ip_address
The process of actually joining a computer to a domain must occur at the computer itself and be performed by a member of the computer's local Administrators group. After logging on, you join a computer running Windows Server 2003 to a domain from the Computer Name tab in the System Properties dialog box (which is accessible from the System icon in Control Panel).
To join a domain, you go to the Computer Properties and the Identification tab. Tell the system you want to join a domain, then provide the domain you want to join. You will be asked for administrator credentials in order to join the domain from a client.
user account and a computer account
The System applet in the control panel will allow you to join a system to a domain. or right click my computer-> properties->computername->click change it will ask the domain administrator username pwd enter it will get prompt to restart the computer. voila you are joined to domain..
The computer name that comes up on the Network is the one that was configured in the system properties. You can reconfigure the Computer name by going to::: Windows XP :: My Computer >> Right Click >> My Properties >> System >> Computer Name. "To rename this computer or join a domain, click change":: Windows 7 :: My Computer >> Right Click >> My Properties >> Advanced system settings >> Computer Name. "To rename this computer or join a domain, click change"
The System applet in the control panel will allow you to join a system to a domain.
i prefercomputer science
Network Sharing Center
Windows 7 Professional and Ultimate editions have a feature called Domain Join, which is designed to join a domain quickly and more securely.
join the client to workgroup and restart the PC. it will be out of domain. But you require proper admin rights to do so.
A workgroup
Join a fan made group/ clan or join a group