From: Tom Judge
Date: Fri, 09 Oct 2009 21:54:03 +0000
To: Andrea Venturoli
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD + Samba + Active Directory
Message-ID: <4ACFB0FB.8070501@tomjudge.com>
In-Reply-To: <4ACFACC9.5010605@netfence.it>

Andrea Venturoli wrote:
> Hello.
>
> I have a setup with two FreeBSD 6.3 domain controllers using samba +
> openldap + nss_ldap.
> The company might be switching to Active Directory soon (not my
> choice, before you ask :-), so I might need to reconfigure the two
> FreeBSD boxes to become AD members (with winbindd, nss, whatever).
>
> I see there's a lot of documentation around and I'm going to read
> that; here I just want to ask if everything works as advertised, if
> there are some differences between theory and practice, bugs to watch
> for, gotchas, etc...
>
> Thanks in advance to anyone who cares to share its experience.

Here is our recipe:

1) Install security/krb5
2) Install net/samba3 with ADS support and set KRB5_HOME=/usr/local
3) Set up /etc/krb5.conf and smb.conf
4) Link /usr/local/etc/krb5.conf to /etc/krb5.conf
5) kinit administrator
6) net ads join
7) net ads testjoin

Hope this helps

Tom
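
An added illustration of step 3 of the recipe above, not part of the original message and not taken from the poster's systems: the two files for a Samba 3 AD member. The realm EXAMPLE.COM, workgroup EXAMPLE, host dc1.example.com and the ID ranges are assumed placeholder values to replace with site values.

```ini
# ---- /etc/krb5.conf (MIT Kerberos, as installed by security/krb5) ----
# Assumed realm and KDC names; the realm must be upper case and match
# the "realm" line in smb.conf below.
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
        admin_server = dc1.example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM

# ---- smb.conf, [global] section (Samba 3 syntax) ----
[global]
    # Join as an Active Directory member using Kerberos.
    security = ads
    realm = EXAMPLE.COM
    # Short (NetBIOS) domain name, assumed here.
    workgroup = EXAMPLE

    # winbindd maps AD SIDs into these local UID/GID ranges; keep them
    # clear of IDs already used in /etc/passwd and /etc/group.
    idmap uid = 10000-20000
    idmap gid = 10000-20000

    # Enumerating every user and group is costly on large domains and
    # exposes the full directory to local tools; leave it off.
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = yes

    # Domain accounts get no interactive shell unless deliberately granted.
    template shell = /usr/sbin/nologin
    template homedir = /home/%D/%U
```

Kerberos rejects tickets when the member's clock differs from the domain controller's by more than the allowed skew (five minutes by default), so time synchronisation needs to be working before steps 5 to 7.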