Samba configuration file

#======= Global Settings ==================

# smb.conf [global] section that makes this host a member of an Active Directory domain.
# The "<----" arrows are the author's notes, not smb.conf syntax: delete them before
# using a line, because smb.conf reads everything after "=" as the value.
[global]

netbios name = wilson

# Short (NetBIOS) name of the domain.
workgroup = HSMUM1   <---- domain name

# Domain-member mode: users are authenticated against AD with Kerberos.
security = ADS

# Kerberos realm; the same value appears as default_realm in /etc/krb5.conf.
realm = HSMUM1.COM    <---- domain name

# Pins authentication to one named domain controller. The name must resolve on
# this host, hence the /etc/hosts entry the author mentions.
password server = HURIXMUMBAI1   <--- ADS  also add in /etc/hosts

# Character placed between domain and user name (DOMAIN+user).
winbind separator = +

# Let getent/wbinfo list every domain user and group; this can be slow on large domains.
winbind enum users = yes

winbind enum groups = yes

# Unix id range handed out to domain accounts; keep local accounts outside 10000-20000.
# NOTE(review): newer Samba releases configure this with "idmap config" - confirm
# against the installed version.
winbind uid = 10000-20000

winbind gid = 10000-20000

# Domain users appear without the domain prefix, so a domain account can share a
# name with a local one - check for collisions with /etc/passwd.
winbind use default domain = yes

# Every domain user gets an interactive shell on this host. If the machine only
# serves files or proxy authentication, /bin/false limits what a domain login can do.
template shell = /bin/bash

# %D expands to the domain name, %U to the user name.
template homedir = /home/%D/%U

encrypt passwords = yes

                                                                             

# Per-user home share: each authenticated user gets a share named after the account.
# NOTE(review): consider adding "valid users = %S" so that a home share can only be
# opened by its owner.
[homes]

comment = Home Directories

# Hide the generic "homes" entry from share listings.
browseable = no

# Users may write to their own home share.
writable = yes

#============================

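edit /etc/krb5.conf (Kerberos also needs this host's clock to stay within 5 minutes of the domain controller's by default, so set up time synchronisation before joining)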

# Log destinations for the Kerberos library and daemons.
[logging]

# Client library log; this is the file to check when the join or a login fails.
default = FILE:/var/log/krb5libs.log

# NOTE(review): the kdc and admin_server logs are only written if those daemons run
# on this host; a domain member normally runs neither - confirm.
kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log

                                                                             

# Library-wide defaults. The "<----" arrow is an author note; remove it before use.
[libdefaults]

# Must match "realm" in smb.conf.
default_realm = HSMUM1.COM    <---- domain

# DNS discovery is switched off, so realm and KDC come only from the [realms] and
# [domain_realm] sections of this file. Those entries have to be updated by hand
# when a domain controller is renamed or replaced.
dns_lookup_realm = false

dns_lookup_kdc = false

                                                                             

# Static server list for the realm; required here because DNS lookup of KDCs is
# disabled in [libdefaults]. The "<---" arrows are author notes; remove them before use.
[realms]

HSMUM1.COM = {      <--- domain

# Domain controller on the Kerberos port (88). The short host name has to resolve
# locally, e.g. through /etc/hosts.
kdc = hurixmumbai1:88    <--- ADS

# NOTE(review): 749 is the MIT kadmin port; an AD domain controller may not listen
# there - confirm this entry is needed.
admin_server = hurixmumbai1:749    <--- ADS

default_domain = hsmum1   <--- domain

}

                                                                             

# Maps DNS host and domain names to Kerberos realms.
[domain_realm]

# Stock sample entry; it does not refer to this domain.
.example.com = EXAMPLE.COM

# NOTE(review): the realm configured everywhere else on this page is HSMUM1.COM,
# not HSMUM1 - verify this mapping. The "<----" arrow is an author note.
hsmum1 = HSMUM1    <---- domain

                                                                             

# Location of the KDC daemon's own configuration.
# NOTE(review): only relevant if a KDC runs on this host - confirm.
[kdc]

profile = /var/kerberos/krb5kdc/kdc.conf

# Per-application defaults; the "pam" block is read by the Kerberos PAM module.
[appdefaults]

pam = {

debug = false

# Lifetimes are in seconds: 36000 s = 10 hours. Because renew_lifetime equals
# ticket_lifetime, renewal does not extend a ticket beyond those 10 hours.
ticket_lifetime = 36000

renew_lifetime = 36000

# Forwardable tickets can be passed on to other hosts the user logs in to, so a
# compromised host that receives one can act as the user. Set to false unless
# delegation is actually needed.
forwardable = true

krb4_convert = false

}

#========================================

restart the smb and winbind services

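net ads join -U administrator%password   <---- "password" stands for the real password; leave off %password to be prompted instead, which keeps it out of shell history and the process list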

wbinfo -u      < ---- will list out domain users.

wbinfo -t

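wbinfo -a wilson.rodrigues%password   <---- "password" stands for the real password; typed this way it is saved in shell history

expected output:

plaintext password authentication succeeded

challenge/response password authentication succeeded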

getent passwd

getent group

==================

edit /etc/nsswitch.conf

# Name service switch: sources are tried left to right.
# For passwd and group the local files are consulted first and winbind second, so
# a local account takes precedence over a domain account with the same name.
passwd:         compat winbind

group:          compat winbind

# Password hashes stay local only; domain passwords are never looked up through NSS.
shadow:         compat

hosts:          files dns

networks:       files

protocols:      db files

services:       db files

ethers:         db files

rpc:            db files

netgroup:       nis

==============================

enabling squid for domain authentication

edit squid.conf

#======================

# Proxy authentication against the domain through Samba's ntlm_auth helper.
# Basic scheme: the browser sends user name and password to the proxy base64-encoded,
# not encrypted, on every request, so anyone who can capture traffic between client
# and proxy can read domain passwords.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic

# Number of helper processes started.
     auth_param basic children 5

# Text shown in the browser's login prompt.
     auth_param basic realm Squid proxy-caching web server

# Squid treats a validated user/password pair as good for 2 hours without asking
# the helper again, so a disabled account or changed password keeps working at the
# proxy for up to that long.
     auth_param basic credentialsttl 2 hours

# Matches any request that carries valid proxy credentials.
acl AuthorizedUsers proxy_auth REQUIRED

# Requests from the proxy host itself are allowed without authentication.
http_access allow localhost

# ACLs on one line are ANDed; "all" matches everything, so this is the same as
# "allow AuthorizedUsers".
http_access allow all AuthorizedUsers

# Anything not allowed above is refused.
http_access deny all

#======================

to add a parent proxy, edit squid.conf

# Upstream (parent) proxy at 192.168.0.1, port 6588.
# login=user:password stores the parent-proxy credentials in clear text in squid.conf:
# keep the file readable only by root and the squid user, and use a dedicated
# low-privilege account here rather than a personal domain login.
cache_peer  192.168.0.1       parent    6588 0 login=wilson.rodrigues:password

# Never fetch directly from origin servers; every request goes through the parent.
never_direct allow all

================================

edit /etc/pam.d/samba file

# PAM stack for the "samba" service: the shared common-* stacks first, then winbind.
@include common-auth

@include common-account

@include common-session

# "required" means the winbind check must succeed in addition to the included stacks.
# NOTE(review): service=system-auth looks like a pam_stack-style argument; confirm
# that pam_winbind accepts it. pam_winbind's require_membership_of option can be used
# to limit logins to members of a given domain group.
auth required /lib/security/pam_winbind.so service=system-auth

account required /lib/security/pam_winbind.so service=system-auth

================================
