Help

Samba as Active Directory Member Server & Station
Samba comme Serveur ou Station Membre d'Active Directory

PRE (step 1)

This series of tests determine:

if Samba 3 is present on the host
if krb5-workstation package is present
if pam_mount is installed

Note that the ./START script can guide you into installing the required libraries.

DATA (step 2)

Kerberos realm	This is usually the same as the DNS domain but in uppercase.
Active Directory DNS	This is the DNS suffix that your Active Directory operates on.
Kerberos DC-Active Directory controller	This is a Domain Controller that delivers Kerberos tickets used in authentication. In case it is not found through DNS. Also referred to as the KDC the Key Distribution Center.
Netbios domain name	This is the (short) name for the domain, the way domains were named before Active Directory.
Netbios server name	This is the Netbios name of the Samba host you are currently configuring. Though this is by no means compulsory, it makes sense to provide the same name as the DNS, to be on the safe side.
OU to place host in	This is the Organizational Unit container the host to be configured will be placed in in Active Directory. This may vary with languages and is 'Computers' in English.
Domain administrator login	Active Directory administrator login you are operating as. This is necessary for a host to enter a domain.
Domain administrator password	Active Directory administrator password.
Domain users group	The container for Domain Users. This is localized and is 'Domain users' in English, 'Utilisa. du domaine' in French.
Hosts allow	This points at the network that is allowed to access the Samba host being configured. This parameter is a comma, space, or tab delimited set of hosts which are permitted to access the Samba services. You can specify the hosts by name or IP number. You can also specify hosts by network/netmask pairs and by netgroup names. See man smb.conf for further reference.
WINS server	This specifies the IP address (or DNS name: IP address for preference) of the WINS server that the host should register with. This is optional and the data will be placed into smb.conf but commented out. The line in smb.conf should be uncommented for the parameter to be active.

PAM (step 3- optional)

This will configure system authentication (/etc/pam.d/system-auth) to use

pam_winbind : use Active Directory authentication, so the user does not have to have a local account to login to this host
pam_mkhomedir : create a local home directory footprint for Active Directory user that does not have a local home.
pam_mount : connect to a Samba or Windows remote share that could contain a domain home. The share will be mounted on the local file system (/mnt/net)

Important note: Tampering with the /etc/pam.d service files may result in the machine being unable to accept any authentication even from root. Should such a situation occur, reboot the system in administrative mode (single) and use an editor to restore the /etc/pam.d/system-auth to its previous contents : remove the pam_winbind, pam_mount, pam_mkhomedir lines and remove use_first-pass in pam_unix line. It is recommended that the system administrator leave a console session open while carrying out the tests.

Home server	This is the Samba or Windows server that hosts the share the user will connect to and will be mounted at /mnt/net.
Home share	This is the name of the share (without any server prefix), usually on one level. If the share is is to be determined at run time and is user- dependent, use $ as a place-holder for the logged-on user name.