Samba with AD authentication on Solaris 8


The SunFreeware Samba package is not compiled with AD support, as the package details and the empty smbd -b query show:

$ pkginfo -l SMCsamba
  PKGINST:  SMCsamba
     NAME:  samba
 CATEGORY:  application
     ARCH:  sparc
  VERSION:  3.0.25a

$ /usr/local/samba/sbin/smbd -b | egrep 'ADS|LDAP|KRB'
$

No output: none of the ADS, LDAP or Kerberos build options (HAVE_ADS, HAVE_LDAP, HAVE_KRB5 and the matching --with options) is present, so Samba has to be rebuilt from source against Kerberos and OpenLDAP libraries, which are built first.
Download the MIT Kerberos source bundle (krb5-1.6.2-signed.tar holds the gzipped tarball and a detached PGP signature) and verify the signature before building. The first attempt fails only because the signing key is not yet in the local keyring:

$ tar xvf krb5-1.6.2-signed.tar
$ gpg --verify krb5-1.6.2.tar.gz.asc
gpg: Signature made Tue 10 Jul 2007 02:20:59 PM CDT using RSA key ID F376813D
gpg: Can't check signature: public key not found

$ gpg --keyserver --recv-keys F376813D
gpg: requesting key F376813D from hkp server
gpg: key F376813D: duplicated user ID detected - merged
gpg: key F376813D: public key "Tom Yu <tlyu@MIT.EDU>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
$ gpg --verify krb5-1.6.2.tar.gz.asc 
gpg: Signature made Tue 10 Jul 2007 02:20:59 PM CDT using RSA key ID F376813D
gpg: Good signature from "Tom Yu <tlyu@MIT.EDU>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 52 E0 3E E9 38 AE 70 58  3F 21 5C C8 5C C4 55 24

"Good signature" shows that the tarball matches the signature; the WARNING means only that gpg has no trust path to the key, and a key fetched from a keyserver by ID could have been uploaded by anyone. Compare the fingerprint printed above with the one MIT publishes for its release-signing key (or with a previously verified release) before trusting the download.

Kerberos Installation and Configuration

Install Kerberos

Download and install Kerberos. Adding /usr/local/bin to PATH lets configure find the SunFreeware gcc; with the default prefix the libraries are installed under /usr/local and the configuration file is read from /usr/local/etc/krb5.conf.

$ gzip -cd krb5-1.6.2.tar.gz | tar xvf -
$ cd krb5-1.6.2/src
$ PATH=$PATH:/usr/local/bin ./configure
$ make
# make install

Configure Kerberos

Example /usr/local/etc/krb5.conf, assuming:

  • a Kerberos realm of DOMAIN.EXAMPLE.COM (the AD domain name in upper case)
  • a Key Distribution Center (KDC) of PDC.DOMAIN.EXAMPLE.COM, i.e. the domain controller

[libdefaults]
       # To prevent encryption type mismatches, limit the Kerberos client
       # libraries to the list supported by Microsoft. RC4-HMAC is what a
       # Windows 2000/2003 domain controller negotiates; the two DES types
       # are weak and only matter for accounts restricted to DES.
       # preferred_enctypes does not appear in MIT's krb5.conf documentation
       # (MIT knows default_tgs_enctypes, default_tkt_enctypes and
       # permitted_enctypes) and unknown options are ignored, so the line
       # is harmless but does nothing for MIT.
       default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
       default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
       preferred_enctypes   = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC

       # Default realm to append to unqualified principal names
       default_realm = DOMAIN.EXAMPLE.COM

       # Use DNS SRV records (_kerberos._tcp.<domain>, published by AD for
       # every domain controller) to locate KDCs. This requires:
       # 1. /etc/resolv.conf lists the nameservers used by the AD clients
       #    and servers (normally the domain controllers themselves)
       # 2. The /etc/resolv.conf "search" list contains the name of the
       #    AD domain
       dns_lookup_kdc = true

# Example of manually configuring KDC lookups instead of relying on DNS,
# using the KDC assumed above
# [realms]
#       DOMAIN.EXAMPLE.COM = {
#               kdc = PDC.DOMAIN.EXAMPLE.COM
#       }
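Before running kinit against the domain, the resolver and krb5.conf prerequisites above can be checked with the following script. It is an added example, not part of the original page: it assumes the file paths used on this page, that the AD DNS domain is the realm name in lower case, and that nslookup is available; the sample inputs at the bottom are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for the krb5.conf
# above before trying kinit. With dns_lookup_kdc = true the MIT libraries find
# the KDC through the SRV record _kerberos._tcp.<realm>, which AD publishes
# for every domain controller, so the resolver must point at AD's DNS and the
# search list must carry the AD domain. On Solaris 8 run this under
# /usr/xpg4/bin/sh or ksh (/bin/sh lacks $(...)) with AWK=nawk, since
# /usr/bin/awk there is the old awk without sub() and tolower().
AWK=${AWK:-awk}

# krb5_default_realm KRB5_CONF_TEXT
#   Prints the default_realm set in the [libdefaults] section, or nothing.
krb5_default_realm() {
    printf '%s\n' "$1" | $AWK '
        /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/].*$/, "", sect); next }
        sect == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
        }'
}

# realm_to_dns_domain REALM
#   A Kerberos realm is case-sensitive and conventionally upper case; the
#   matching AD DNS domain is the same name in lower case.
realm_to_dns_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z'
}

# kdc_srv_name REALM
#   The SRV record the client looks up when dns_lookup_kdc is on.
kdc_srv_name() {
    echo "_kerberos._tcp.$(realm_to_dns_domain "$1")"
}

# resolv_search_has_domain RESOLV_CONF_TEXT DNS_DOMAIN
#   Returns 0 if a "search" (or older single-value "domain") directive lists
#   DNS_DOMAIN, compared case-insensitively.
resolv_search_has_domain() {
    _dom=$(printf '%s\n' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | $AWK -v d="$_dom" '
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) if (tolower($i) == d) found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# check_kdc_lookup [KRB5_CONF] [RESOLV_CONF]
#   Live check on a host: reads the real files and asks the resolver for the
#   KDC SRV record (nslookup ships with Solaris 8; dig does the same job).
check_kdc_lookup() {
    _krb5=$(cat "${1:-/usr/local/etc/krb5.conf}")
    _resolv=$(cat "${2:-/etc/resolv.conf}")
    _realm=$(krb5_default_realm "$_krb5")
    [ -n "$_realm" ] || { echo "no default_realm in krb5.conf" >&2; return 1; }
    _dom=$(realm_to_dns_domain "$_realm")
    resolv_search_has_domain "$_resolv" "$_dom" ||
        echo "warning: $_dom is not in the resolv.conf search list" >&2
    nslookup -type=srv "$(kdc_srv_name "$_realm")"
}

# Constructed sample inputs matching the assumptions on this page.
SAMPLE_KRB5_CONF='[libdefaults]
        default_realm = DOMAIN.EXAMPLE.COM
        dns_lookup_kdc = true
[realms]
        DOMAIN.EXAMPLE.COM = {
                kdc = PDC.DOMAIN.EXAMPLE.COM
        }'

SAMPLE_RESOLV_OK='search domain.example.com example.com
nameserver 192.0.2.10
nameserver 192.0.2.11'

# Search list without the AD domain: the SRV lookup for the realm still
# works (the realm name is already fully qualified) but short domain
# controller names such as "pdc" will not resolve.
SAMPLE_RESOLV_BAD='search example.com
nameserver 192.0.2.53'
```

Source the script and call check_kdc_lookup, optionally with your own krb5.conf and resolv.conf paths. A healthy host lists one SRV record per domain controller; kinit administrator@DOMAIN.EXAMPLE.COM followed by klist then proves the KDC path end to end.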

OpenLDAP Installation

Download and install OpenLDAP. Samba's --with-ldap needs only the OpenLDAP client libraries and headers (libldap, liblber); slapd itself is not used here, so the build leaves out the database backends and TLS.

$ gzip -cd openldap-2.3.38.tgz | tar xvf -
$ cd openldap-2.3.38
$ PATH=$PATH:/usr/local/bin ./configure --disable-bdb --enable-null --without-tls
checking db.h usability... no
checking db.h presence... no
checking for db.h... no
configure: error: BDB/HDB: BerkeleyDB not available

The configure script still demands BerkeleyDB with --disable-bdb because the hdb backend, which is enabled by default, needs it as well (hence "BDB/HDB" in the error). Since no slapd backend is wanted, disable them all with --disable-backends. Note that --without-tls builds a libldap that cannot speak ldaps:// or StartTLS: Samba's AD mode still authenticates to the directory with Kerberos (SASL/GSSAPI), so no password is sent in a simple bind, but the directory traffic itself is not encrypted unless TLS or SASL signing and sealing is configured.

$ PATH=$PATH:/usr/local/bin ./configure --disable-backends --enable-null --without-tls
$ make depend
$ make
# make install

Samba Installation and Configuration

Install Samba

Download and install Samba, using a newer release than the SunFreeware package. --with-krb5=/usr/local points configure at the Kerberos just built, --with-ads enables Active Directory domain membership (Kerberos plus LDAP), and --with-winbind builds winbindd, which maps AD users and groups to Unix IDs.

$ gzip -cd samba-3.0.26a.tar.gz | tar xvf -
$ cd samba-3.0.26a/source
$ PATH=$PATH:/usr/local/bin ./configure --with-ldap --with-ads --with-krb5=/usr/local --with-winbind
$ make
# make install
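The same smbd -b check that showed the SunFreeware package lacking AD support, written as a script so it can confirm this source build. This is an added example, not part of the original page; it assumes the Samba 3.0 smbd -b layout of one HAVE_* define per indented line and the install path /usr/local/samba/sbin/smbd, and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that an smbd binary was
# built with Active Directory support. `smbd -b` lists the HAVE_* defines the
# binary was compiled with; an ADS-capable Samba 3.0 build reports all three
# defines below, while the SunFreeware package reports none of them.

# Build defines an AD-capable smbd must report (one per word).
SMBD_AD_DEFINES="HAVE_KRB5 HAVE_LDAP HAVE_ADS"

# smbd_has_ads_support BUILD_OUTPUT
#   BUILD_OUTPUT is the text printed by `smbd -b`. Returns 0 when every
#   required define appears as a line of its own, 1 otherwise, naming the
#   missing defines on stderr.
smbd_has_ads_support() {
    _out=$1
    _missing=
    for _def in $SMBD_AD_DEFINES; do
        # A define is printed as an indented line holding just its name;
        # comparing the whole field stops e.g. HAVE_KRB5_KT_FREE_ENTRY from
        # standing in for HAVE_KRB5.
        if ! printf '%s\n' "$_out" |
             awk '$1 == "'"$_def"'" && NF == 1 { found = 1 }
                  END { if (found) exit 0; exit 1 }'; then
            _missing="$_missing $_def"
        fi
    done
    if [ -n "$_missing" ]; then
        echo "smbd is missing AD build options:$_missing" >&2
        return 1
    fi
    return 0
}

# check_smbd [PATH_TO_SMBD]
#   Runs the real binary (default: the source build's install path).
check_smbd() {
    _smbd=${1:-/usr/local/samba/sbin/smbd}
    smbd_has_ads_support "$("$_smbd" -b 2>/dev/null)"
}

# Constructed excerpts of `smbd -b` output for two builds, in the layout
# Samba 3.0 uses (section header, then one indented define per line).
SAMPLE_SMBD_B_NO_ADS='Build environment:
   Built using: gcc
 HAVE_* Defines:
   HAVE_ACL_GET_PERM_NP
   HAVE_IFACE_IFCONF
   HAVE_UTMPX_H'

SAMPLE_SMBD_B_WITH_ADS='Build environment:
   Built using: gcc
 HAVE_* Defines:
   HAVE_ACL_GET_PERM_NP
   HAVE_ADS
   HAVE_KRB5
   HAVE_KRB5_KT_FREE_ENTRY
   HAVE_LDAP
 --with Options:
   WITH_ADS
   WITH_LDAP
   WITH_WINBIND'

# Usage: sh smbd_check.sh /usr/local/samba/sbin/smbd
if [ -n "${1:-}" ]; then
    check_smbd "$1"
fi
```

Run it against /usr/local/samba/sbin/smbd after make install; a zero exit status means the new binary carries the Kerberos, LDAP and ADS options the SunFreeware build lacked.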

Configure Samba

