Brief notes on getting winbind working
--------------------------------------

Under Debian, using domain auth
-------------------------------

Add to /etc/samba/smb.conf

    workgroup =
    security = domain
    winbind separator = +
    winbind cache time = 10
    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    password server = ip.ad.dr.es
    wins server = ip.ad.dr.es

Add to /etc/pam.d/login (and any others you want, like su, ssh, etc)

    auth sufficient pam_winbind.so
    account sufficient pam_winbind.so
    session sufficient pam_winbind.so

Add to /etc/nsswitch.conf

    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind

Add machine account in AD

Join domain via:

    $ sudo smbpasswd -j -r -U Administrator

Under Solaris, using AD auth
----------------------------

Ref: http://au1.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#ads-member

Build Samba 3.0.0 against OpenLDAP, OpenSSL and Kerberos

    CC=gcc \
    CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/openldap-2.1.22/include/" \
    LDFLAGS="-L/usr/local/ssl/lib/ -L/usr/local/openldap-2.1.22/lib/ -R/usr/local/ssl/lib/ -R/usr/local/openldap-2.1.22/lib/" \
    ./configure --with-ads --with-acl-support --with-winbind

Add to smb.conf

    workgroup = DOMAIN
    realm = DO.MA.IN.COM
    security = ADS
    encrypt passwords = yes

    # separate domain and username with '+', like DOMAIN+username
    winbind separator = +

    # use uids from 10000 to 30000 for domain users
    idmap uid = 10000-30000

    # use gids from 10000 to 30000 for domain groups
    winbind gid = 10000-30000

    # allow enumeration of winbind users and groups
    winbind enum users = yes
    winbind enum groups = yes

    # give winbind users a real shell (only needed if they have telnet access)
    #template homedir = /home/winnt/%D/%U
    template homedir = /usr/users/%U
    template shell = /usr/bin/bash

As an admin user for the domain, run:

    # net ads join -U username

Add winbind to your system startup scripts, and start it.

Add the following to /etc/pam.conf:

    login auth sufficient pam_winbind.so.1
    other auth sufficient pam_winbind.so.1
    other account sufficient pam_winbind.so.1

Change /etc/nsswitch.conf to have:

    passwd: files winbind
    group: files winbind

Usage
-----

Log in to the system as DOMAIN+username

    wbinfo -u - lists users
    wbinfo -g - lists groups
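
A pre-flight check for the files edited in these notes, added here as an example and not part of the original notes: it confirms that nsswitch.conf lists winbind and reports local accounts whose UID falls inside the idmap uid range, where a local account can end up sharing a UID with a domain user. The function names and sample files are constructed, and a POSIX awk is assumed (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# nss_has_winbind FILE DB: succeed if the DB line of nsswitch.conf lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
                     END { exit !found }' "$1"
}

# idmap_range FILE uid|gid: print "LOW HIGH" from "idmap uid" or its synonym "winbind uid".
idmap_range() {
    awk -F= -v kind="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == "idmap " kind || key == "winbind " kind { split($2, r, "-"); lo = r[1] + 0; hi = r[2] + 0 }
        END { if (hi) print lo, hi }' "$1"
}

# uid_collisions SMBCONF PASSWD: print local accounts whose UID falls inside the idmap uid range.
uid_collisions() {
    range=$(idmap_range "$1" uid)
    [ -n "$range" ] || return 2   # no range configured
    awk -F: -v lo="${range% *}" -v hi="${range#* }" '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 }' "$2"
}

# Constructed sample files (not from the original notes), written to a scratch directory.
demo=$(mktemp -d)
cat > "$demo/smb.conf" <<'EOF'
[global]
   security = ADS
   # use uids from 10000 to 30000 for domain users
   idmap uid = 10000-30000
   winbind gid = 10000-30000
EOF
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: files winbind
group:  files
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svcbackup:x:10050:100::/var/backup:/bin/sh
EOF

for db in passwd group; do
    nss_has_winbind "$demo/nsswitch.conf" "$db" || echo "nsswitch.conf: $db does not list winbind"
done
echo "idmap uid range: $(idmap_range "$demo/smb.conf" uid)"
echo "local accounts inside the range: $(uid_collisions "$demo/smb.conf" "$demo/passwd")"
```

Point the functions at the real smb.conf, nsswitch.conf and /etc/passwd before joining the domain; any account name printed by uid_collisions should be renumbered or the range moved.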