Samba setup on Suse 9.2 with Windows 2003 Domain Controller

Posted on 2005-03-17
Last Modified: 2013-11-30
Hi Guys,

I am going mad. I cannot for the life of me get Samba to work, and it appears that SWAT is NOT included with SuSE 9.2!

I am trying to get Samba to talk to my Windows Domain and use the Windows Active Directory to authenticate. This for some reason is not happening. Can anyone help?
I would prefer to do this without SWAT, but I may be being a bit purist! However, I feel I do not learn otherwise. Can someone give some step-by-step help?

Question by:sifenwick
1 Comment

Accepted Solution

this213 earned 1000 total points
ID: 13573164
Samba always has issues talking to Windows-based PDCs. If it's possible (it isn't always), you'd do better to have the Linux box act as the PDC and drop the AD altogether (seriously).

If you have to use the Win2k AD, you're going to need the following:
In the first place, you need Samba v 3.0 or better with Kerberos and LDAP.
You can find your Samba version with:
smbclient | grep Version

To check for LDAP:
rpm -qa | grep ldap-devel
and, finally, the Kerberos development libraries:
rpm -qa | grep krb
This last should return at least 3 packages: krb5-devel, krb5-libs and krb5-workstation.

If you don't have any of these... well, go get them and install them. I'm not going to get into setting up LDAP since I don't know your layout. The file that you want for Kerberos is /etc/krb5.conf - keep in mind that everything in that file is CaSe sensitive. It should be fairly self-explanatory.

Also, if the clock time on the Linux machine is more than 5 minutes off from the time on the Windows machine, no ticket information will work. There are three ways to deal with this:
  1. Have the Linux server act as a network time server, with the Windows machine as a client
  2. Have the Windows machine act as a time server for the Linux client
  3. Make both systems pull the time from the same 3rd server ( some are listed here - http://ntp.isc.org/bin/view/Servers/NTPPoolServers )

Once you've gotten to this point, you can try:
/usr/kerberos/bin/kinit user@DOMAIN.COM
replacing *user* with a real user and DOMAIN.COM with a real domain (which must be UPPERCASE). If things are working, you'll be prompted for a password. If you enter the correct password, you'll come back to a bash shell; if not, you'll be presented with:
"kinit(v5): Preauthentication failed while getting initial credentials"
or some such.

Back to Samba. In your smb.conf:
realm = DOMAIN.COM
ads server =
security = ADS
encrypt passwords = yes
To explain further:
DOMAIN.COM - must be the domain name
ads server - should be the resolvable name or IP of the Win2k server (an IP address removes the possibility of DNS failure)
security - ADS for Active Directory Service
Lastly, passwords must be encrypted.

To add the Linux computer to the AD, you need to log into the AD and add it as a user with such privileges, so:
/usr/kerberos/bin/kinit administrator@DOMAIN.COM
then enter your password, then:
/usr/local/samba/bin/net ads join

You should see something like:

To verify this worked, go to the win2k machine and open Active Directory->Users and Computers and look for your linux machine to be listed there.

Once again though, I'd dump the Win2k AD if you're able to do so and just use strictly samba for everything.
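
The smb.conf settings and the 5-minute clock limit from the answer above can be checked before running net ads join. The script below is an added example, not part of the original answer: the function names (smb_param, check_ads_conf, skew_ok), the sample configuration and the timestamps are constructed for illustration, and requiring an uppercase realm follows the answer's convention.

```sh
#!/bin/sh
# Added example: pre-join checks for the smb.conf settings and clock skew above.

# Print KEY's value from [global]; Samba ignores case and spaces in names.
smb_param() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = norm($0); next }
        sec == "[global]" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == norm(want)) found = val
        }
        END { print found }' "$1"
}

# Return 0 only if realm is set and uppercase, security is ADS,
# and encrypted passwords are on; print each problem found.
check_ads_conf() {
    rc=0
    realm=$(smb_param "$1" "realm")
    sec=$(smb_param "$1" "security" | tr '[:lower:]' '[:upper:]')
    enc=$(smb_param "$1" "encrypt passwords" | tr '[:upper:]' '[:lower:]')
    if [ -z "$realm" ]; then
        echo "realm is not set"; rc=1
    elif [ "$realm" != "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "realm '$realm' is not uppercase"; rc=1
    fi
    [ "$sec" = "ADS" ] || { echo "security is '$sec', expected ADS"; rc=1; }
    case "$enc" in yes|true|1) ;; *) echo "encrypt passwords is off"; rc=1 ;; esac
    return $rc
}

# Succeed when two epoch times differ by at most 300 s (the 5-minute limit).
skew_ok() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    [ "$d" -le 300 ]
}

# Constructed sample input, not the asker's real configuration.
sample=$(mktemp)
printf '[global]\n  realm = domain.com\n  Security = ads\n  encrypt passwords = yes\n' > "$sample"
check_ads_conf "$sample" || echo "fix smb.conf before 'net ads join'"
skew_ok 1111000000 1111000420 || echo "clock skew exceeds 5 minutes"
rm -f "$sample"
```

Only the [global] section is read, so a matching parameter inside a share definition does not satisfy the check.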

