Samba/Winbind Setup For Active Directory Authentication

Planetshell is set up to use Samba's winbind for authentication. The changed and added files are listed below.

Changes to /etc/nsswitch.conf:

# Users and groups are looked up in the local files first, then through
# winbind, so a local account wins over a domain account of the same name.
passwd: files winbind
# Shadow data comes from local files only; winbind is not consulted here.
shadow: files
group: files winbind

/etc/krb5.conf:

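# Section names are written in square brackets, as krb5.conf requires; the
# brackets were missing from this listing (presumably lost when the page was
# rendered).
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# NOTE(review): 6000 seconds (100 minutes) of tolerated clock skew is far
# above the usual 300-second Kerberos default. A wide tolerance lengthens the
# time a captured authenticator stays acceptable; keeping this host's clock
# synchronised with the domain controller and using the default is safer.
clockskew = 6000
default_realm = PLANET.LOCAL
# DNS-based discovery is switched off, so the KDC listed under [realms] is
# the only one this host will contact (no failover).
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
PLANET.LOCAL = {
    kdc = 10.5.2.150:88
    #admin_server = 10.5.2.150:749
    #default_domain = theplanet.com
}

[domain_realm]
# NOTE(review): ".kerberos.server" looks like a leftover template value, not
# this site's DNS domain. If so, no host name matches this mapping and realm
# selection presumably falls back to default_realm; confirm and replace it
# with the real DNS domain of the realm.
.kerberos.server = PLANET.LOCAL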

/etc/samba/smb.conf:

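# Section name written in square brackets, as smb.conf requires; the brackets
# were missing from this listing (presumably lost when the page was rendered).
# Comments are kept on their own lines: smb.conf has no trailing comments.
[global]
workgroup = PLANET
netbios name = planetshell
server string = "Planet Shell"
log file = /var/log/samba/log.%m
max log size = 50
log level = 1
# Join the Active Directory realm as a member server; authentication is
# delegated to the domain controller named in "password server".
security = ads
realm = PLANET.LOCAL
password server = HELIOS.PLANET.LOCAL
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
# "winbind uid/gid" are older synonyms of "idmap uid/gid" further down; both
# pairs carry the same range. The range must not overlap local UIDs/GIDs.
winbind uid = 10000-20000
winbind gid = 10000-20000
# NOTE(review): every domain user winbind can resolve gets this home path and
# a login shell. Limiting who may actually log in has to be enforced elsewhere
# (PAM / sshd access rules), which this page does not show.
template homedir = /home/THEPLANET/%U
template shell = /bin/bash
# Domain users appear without the DOMAIN\ prefix. With "passwd: files winbind"
# in nsswitch.conf a local account shadows a domain account of the same name,
# so check for name collisions.
winbind use default domain = yes
obey pam restrictions = yes
winbind enum users = yes
winbind enum groups = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): "no" stops this host from offering the NETLOGON secure channel
# (signing/sealing) to the domain controller. Samba's default negotiates it.
# Keep "no" only if a documented DC incompatibility requires it; otherwise
# remove this line or set it to auto/yes.
client schannel = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# This host never tries to become a browse master.
local master = no
os level = 1
domain master = no
preferred master = no
# NOTE(review): "wins support = yes" makes this host a WINS server, while
# "wins server" makes it a client of another one. Samba treats the two as
# mutually exclusive (testparm reports the combination as an error); keep
# only the one that is intended.
wins support = yes
wins server = 172.16.212.20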

/etc/init.d/smb (original doesn't use winbind) :

#!/bin/sh
#
# chkconfig: - 91 35
# description: Starts and stops the Samba smbd and nmbd daemons \
# used to provide SMB network services.
#
# pidfile: /var/run/samba/smbd.pid
# pidfile: /var/run/samba/nmbd.pid
# config: /etc/samba/smb.conf

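# Source function library.
# The [ ... ] test brackets were missing from this listing (presumably lost
# when the page was rendered) and are restored here; without them the shell
# would try to run "-f" as a command.
if [ -f /etc/init.d/functions ] ; then
    . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
    . /etc/rc.d/init.d/functions
else
    exit 0
fi

# Avoid using root's TMPDIR
unset TMPDIR

# Source networking configuration.
# Files pulled in with "." are executed as shell code with the privileges of
# whoever runs this script, so they must not be writable by other users.
. /etc/sysconfig/network

if [ -f /etc/sysconfig/samba ] ; then
    . /etc/sysconfig/samba
fi

# Check that networking is up.
# Quoted so that an unset NETWORKING does not turn the test into a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Check that smb.conf exists.
[ -f /etc/samba/smb.conf ] || exit 0

# Check that we can write to it... so non-root users stop here
[ -w /etc/samba/smb.conf ] || exit 0

RETVAL=0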

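start() {
    # Start smbd, nmbd and winbindd, in that order.
    # Returns 0 only if all three daemons started and the lock file could be
    # created; returns 1 otherwise.
    #
    # Each daemon's status is kept in its own variable. The earlier version
    # stored both nmbd's and winbindd's status in RETVAL2, so a failed nmbd
    # start was overwritten and went unreported.

    KIND="SMB"
    echo -n $"Starting $KIND services: "
    daemon smbd $SMBDOPTIONS
    RETVAL=$?
    echo
    KIND="NMB"
    echo -n $"Starting $KIND services: "
    daemon nmbd $NMBDOPTIONS
    RETVAL2=$?
    # End the nmbd status line so the winbind message starts on its own line.
    echo
    KIND="WINBIND"
    echo -n $"Starting $KIND services: "
    # NOTE(review): winbindd is started with nmbd's option variable; confirm
    # this is intended rather than a copy of the nmbd line above.
    daemon winbindd $NMBDOPTIONS
    RETVAL3=$?
    echo
    if [ $RETVAL -eq 0 ] && [ $RETVAL2 -eq 0 ] && [ $RETVAL3 -eq 0 ]; then
        # The lock file marks the service as running for condrestart.
        touch /var/lock/subsys/smb || RETVAL=1
    else
        RETVAL=1
    fi
    return $RETVAL

}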

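stop() {
    # Stop smbd, nmbd and winbindd, in that order.
    # The lock file is removed only when all three were stopped successfully.
    # The return value is smbd's killproc status, as before.
    #
    # Each daemon's status is kept in its own variable. The earlier version
    # stored both nmbd's and winbindd's status in RETVAL2, so the lock file
    # was removed even when nmbd could not be stopped.

    KIND="SMB"
    echo -n $"Shutting down $KIND services: "
    killproc smbd
    RETVAL=$?
    echo
    KIND="NMB"
    echo -n $"Shutting down $KIND services: "
    killproc nmbd
    RETVAL2=$?
    KIND="WINBIND"
    echo -n $"Shutting down $KIND services: "
    killproc winbindd
    RETVAL3=$?
    if [ $RETVAL -eq 0 ] && [ $RETVAL2 -eq 0 ] && [ $RETVAL3 -eq 0 ]; then
        rm -f /var/lock/subsys/smb
    fi
    echo ""
    return $RETVAL

}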

restart() {
    # Full stop/start cycle. start runs whether or not stop succeeded, and
    # its status is what the caller sees.
    stop; start
}

reload() {
    # Send HUP to smbd through killproc and return killproc's status.
    # Only smbd is signalled; nmbd and winbindd are left untouched.
    echo -n $"Reloading smb.conf file: "
    if killproc smbd -HUP; then
        RETVAL=0
    else
        RETVAL=$?
    fi
    echo
    return $RETVAL
}

rhstatus() {
    # Report the state of each daemon in turn. The function's status is that
    # of the last check (winbindd).
    for svc in smbd nmbd winbindd; do
        status "$svc"
    done
}

# Dispatch on the requested action. The script exits with the status of the
# action that ran; an unknown action prints the usage line and exits 1.
case "$1" in
    start)   start ;;
    stop)    stop ;;
    restart) restart ;;
    reload)  reload ;;
    status)  rhstatus ;;
    condrestart)
        # Restart only if the lock file is present; this branch always
        # succeeds, even when the restart itself fails.
        [ -f /var/lock/subsys/smb ] && restart || :
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload|status|condrestart}"
        exit 1
        ;;
esac

exit $?