Prerequisite:
The following Samba client RPMs must be pre-installed on the server:
samba-client-3.0.33-3.7.el5
samba-common-3.0.33-3.7.el5
01) Configuring Linux networking:
a) Make sure that your hosts file has proper entries for your server [if it has a static IP].
b) Configure the DNS client properly. Entries for the /etc/resolv.conf file:
search sap.com
nameserver 10.210.1.252
nameserver 10.219.1.252
02) Synchronize the time using NTP.
a) Remove all public server IPs/names from /etc/ntp.conf and replace them with the Company DNS server IP.
server 10.222.1.252
b) Synchronize the time with the Sapient time server.
# ntpdate -u 10.222.1.252
c) Start the NTP daemon.
# service ntpd restart
d) Set the NTP service to start at boot time.
# chkconfig --level 234 ntpd on
03) Configuring PAM and NSS
a) Run system-config-authentication in the GUI, or the setup command [for authentication configuration] in the CLI.
# system-config-authentication
Check the Winbind option on both the User Information tab (which configures the nss.conf file) and the Authentication tab (which modifies the system-auth file).
Click the Configure Winbind button and enter the following entries:
b) Open the /etc/pam.d/system-auth file, scroll down toward the bottom and insert the pam_mkhomedir.so line shown below before the last line. This creates a home directory for a user if one doesn’t exist.
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix.so
04) Open /etc/samba/smb.conf and add/edit the following entries in the [global] section of this file.
[global]
#--authconfig--start-line--
# Generated by authconfig on 2010/02/13 11:48:48
workgroup = sap
password server = dellads2
realm = SAP.COM
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
idmap backend = rid
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = true
winbind offline logon = false
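A check of the step 04 settings that can be run before the domain join, as an added example that is not part of the original page. The function names (smb_global_get, valid_range, check_ads_conf) are hypothetical, and the sample config is constructed from the values shown above. It checks only that security is ads, that a realm is set, and that both idmap ranges are well formed.

```shell
# Added example (not from the original page); the sample config is constructed.
# smb_global_get FILE KEY: print KEY's value from the [global] section.
smb_global_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                        # skip comment lines
        /^[ \t]*\[/ {                                 # section header
            sec = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec); next
        }
        sec == "global" && (i = index($0, "=")) > 0 {
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) val = v                    # last occurrence wins
        }
        END { print val }' "$1"
}

# valid_range RANGE: succeed if RANGE is "low-high" with low < high.
valid_range() {
    case "$1" in
        ""|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
        *-*) [ "${1%-*}" -lt "${1#*-}" ] ;;
        *) return 1 ;;
    esac
}

# check_ads_conf FILE: print each problem found; return non-zero if any.
check_ads_conf() {
    rc=0
    sec=$(smb_global_get "$1" security | tr 'A-Z' 'a-z')
    [ "$sec" = "ads" ] || { echo "FAIL: security = '$sec', expected ads"; rc=1; }
    [ -n "$(smb_global_get "$1" realm)" ] || { echo "FAIL: realm is not set"; rc=1; }
    for key in "idmap uid" "idmap gid"; do
        valid_range "$(smb_global_get "$1" "$key")" ||
            { echo "FAIL: '$key' range missing or malformed"; rc=1; }
    done
    return "$rc"
}

# Constructed sample using the [global] values shown on this page.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[global]
realm = SAP.COM
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
EOF
check_ads_conf "$demo_conf" && echo "[global] has the settings the join needs"
rm -f "$demo_conf"
```

On a real server, call check_ads_conf /etc/samba/smb.conf; values set in other sections are ignored.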
05) Domain join and logging in:
a) Add the machine to the Sapient domain.
# net ads join -U
Note: This requires the NT-ID of a Company IT member who has privileges to add a machine to a domain.
b) Start the winbind service and set it to start at boot time.
# service winbind restart
# chkconfig --level 234 winbind on
Try logging into the server using your NTID.