These are the steps that I took to authenticate my Slackware 10.0 Samba server with a Windows 2003 AD domain controller. This is a rought draft, so forgive any errors (spelling and such).
1) Make sure you install
X11
gimp-print
glib
gimp-print
glib
2) Download cracklib
cd /usr/local/src
tar xvfz "path to downloaded file"
cd "cracklib directory"
make all
make install
tar xvfz "path to downloaded file"
cd "cracklib directory"
make all
make install
3) Download Linux-PAM
./configure
make
make install
make
make install
4) Stop and remove current samba service
/etc/rc.d/rc.samba stop cp /etc/rc.d/rc.samba /etc/rc.d/rc.samba-pam removepkg samba
5) Download samba
cd /usr/local/src
tar xvfz "dir where tarball is"/"samba name".tar.gz
cd "samba dir name"/source
./configure --with-pam --with-pam_smbpass --with-winbind
make
make install
tar xvfz "dir where tarball is"/"samba name".tar.gz
cd "samba dir name"/source
./configure --with-pam --with-pam_smbpass --with-winbind
make
make install
6) Copy these file
cp /usr/local/src/samba/source/nsswitch/pam_winbind.so /lib/security
cp /usr/local/src/samba/source/nsswitch/libnss_winbind.so /lib/security
cp /usr/local/src/samba/source/bin/* /bin
cp /usr/local/src/samba/source/nsswitch/libnss_winbind.so /lib/security
cp /usr/local/src/samba/source/bin/* /bin
7) Edit the rc.samba file change the path where the smbd and nmbd are located.
8) Edit these files
/etc/nsswitch.conf
/usr/local/src/Linux-PAM-0.78/conf/pam.conf
/usr/local/samba/lib/smb.conf
/usr/local/src/Linux-PAM-0.78/conf/pam.conf
/usr/local/samba/lib/smb.conf
9) Then start the winbind service
winbindd
10) Then join the domain
net join member -S "DC name" -U "admin name"
11) Start the samba service
/etc/rc.d/rc.samba start
NOTE: You will need to add the users locually.
/etc/nsswitch.conf should look like this
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# [NOTFOUND=return] Stop searching if not found so far
#
# passwd: files nis
# shadow: files nis
# group: files nis
passwd: files winbind compat
# shadow: files
group: files winbind compat
hosts: files dns
networks: files
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# [NOTFOUND=return] Stop searching if not found so far
#
# passwd: files nis
# shadow: files nis
# group: files nis
passwd: files winbind compat
# shadow: files
group: files winbind compat
hosts: files dns
networks: files
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files
Add this to your pam.conf
auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth requisite pam_env.so
auth sufficient pam_winbind.so
auth requisite pam_unix.so nullok
auth requisite
try_first_pass
account requisite pam_time.so
auth sufficient pam_winbind.so
auth requisite pam_unix.so
auth required pam_unix.so
auth optional pam_lastlog.so
auth optional pam_motd.so
auth optional pam_mail.so standard noenv
password required pam_unix.so nullok min=6 max=255 md5
auth requisite pam_nologin.so
auth requisite pam_env.so
auth sufficient pam_winbind.so
auth requisite pam_unix.so nullok
auth requisite
try_first_pass
account requisite pam_time.so
auth sufficient pam_winbind.so
auth requisite pam_unix.so
auth required pam_unix.so
auth optional pam_lastlog.so
auth optional pam_motd.so
auth optional pam_mail.so standard noenv
password required pam_unix.so nullok min=6 max=255 md5
Your smb.conf file should look like this
workgroup = "domain name"
security = Domain
encrypt passwords = yes
password server = "domaian controller"
winbind use default domain = yes
idmap uid = 2000-25000
idmap gid = 2000-25000
template shell = /bin/bash
template homedir = /home/%U
log file = /var/log/samba/log.%m
[name of share]
comment = "comment here"
path = "path to share"
valid users = "add valid users here" ---- space between names
public = no
writable = yes
printable = no
write list = "user names here" ---- space between names
read list = "user names here" ---- space between names
create mask = 0770
security = Domain
encrypt passwords = yes
password server = "domaian controller"
winbind use default domain = yes
idmap uid = 2000-25000
idmap gid = 2000-25000
template shell = /bin/bash
template homedir = /home/%U
log file = /var/log/samba/log.%m
[name of share]
comment = "comment here"
path = "path to share"
valid users = "add valid users here" ---- space between names
public = no
writable = yes
printable = no
write list = "user names here" ---- space between names
read list = "user names here" ---- space between names
create mask = 0770
Your /etc/rc.d/rc.samba file should look like this
samba_start() {
if [ -x /sbin/smbd -a -x /sbin/nmbd -a -r /usr/local/samba/lib/smb.conf ]; then
echo "Starting Samba: /sbin/smbd -D"
/sbin/smbd -D
echo " /sbin/nmbd -D"
/sbin/nmbd -D
fi
}
samba_stop() {
killall smbd nmbd
}
samba_restart() {
samba_stop
sleep 2
samba_start
}
case "$1" in
'start')
samba_start
;;
'stop')
samba_stop
;;
'restart')
samba_restart
;;
*)
# Default is "start", for backwards compatibility with previous
# Slackware versions. This may change to a 'usage' error someday
samba_start
esac
if [ -x /sbin/smbd -a -x /sbin/nmbd -a -r /usr/local/samba/lib/smb.conf ]; then
echo "Starting Samba: /sbin/smbd -D"
/sbin/smbd -D
echo " /sbin/nmbd -D"
/sbin/nmbd -D
fi
}
samba_stop() {
killall smbd nmbd
}
samba_restart() {
samba_stop
sleep 2
samba_start
}
case "$1" in
'start')
samba_start
;;
'stop')
samba_stop
;;
'restart')
samba_restart
;;
*)
# Default is "start", for backwards compatibility with previous
# Slackware versions. This may change to a 'usage' error someday
samba_start
esac