AD Authentication
NOTE: For some reason this does not work properly under Debian, My Ubuntu installation works fine but not normal Debian. The Debian system won't authenticate users till after I have authenticated as root then restarted the samba and winbind services... Then it all works perfectly. And yes I know the instructions are for Ubuntu but there should be consistency with Debian.
I acheived this with the help of two links:
- Ubuntu instructions - easier to follow
- Samba documentation - more technical
This wasn't the easiest thing to do, my big tip is don't add comments to the end of lines in your smb.conf as this caused problems
My instructions
First you need to get samba and winbindd:
apt-get install winbind samba
Then you need to look at the configuration.
Make configuration changes as demmonstraited in the Ubuntu instructions steps 3, 4, 5 and 6. Skip 7. Follow 8 and 9.
If when you join your client to the domain you get the error:
KDC reply did not match expectations while getting initial credentials
You didn't put the domain in capitals. it has to be:
net ads join -U user@DOMAIN
Now users can use your server with their AD user names and passwords. There is more to this with many options as is evident from the two guides however this is the bare minimum.
Using default settings this should give your users access to the following things with their AD username & password:
- FTP - see the make /home/ section for this to work fully.
- SSH
- have their own internal webpages hosted by apache.
Notes
These are my notes as I have had issues with the above which worked once but I haven't been able to replicate perfectly.*setup samba
try "winbindd chkconfig" to test config of winbindd
net ads join -U user@DOMAIN
net ads testjoin
-system hangs on login after reboot.
-new link:
daper guide from novel