
First, make sure Kerberos is installed:

    # rpm -qa | grep krb

This should return at least 3 packages: krb5-devel, krb5-libs and krb5-workstation.

Next, make sure the LDAP development libraries are installed:

    # rpm -qa | grep ldap-devel

If either of these returns nothing, you'll need to install them, which you can do from the Red Hat CD.

Make sure there's an entry for your Active Directory DC in your /etc/hosts file:

    1.2.3.4 addc.example.com addc

Next, edit your /etc/krb5.conf to match your site. Everything should be fairly self-explanatory, and everything is case sensitive. Do not comment this file.

Once you've gotten to this point, you can try:

    # /usr/kerberos/bin/kinit user@DOMAIN.COM

replacing *user* with a real user and DOMAIN.COM with a real domain (which must be UPPERCASE). If things are working, you'll be prompted for a password. If you enter the correct password, you'll come back to a bash shell; if not, you should be presented with: "kinit(v5): Preauthentication failed while getting initial credentials" or some such.

Note: If the clock time on the Linux machine is more than 5 minutes off from the time on the Windows machine, no ticket information will work. There are three ways to deal with this:

1. Have the Linux server act as a network time server, with the Windows machine as a client
2. Have the Windows machine act as a time server for the Linux client
3. Make both systems pull the time from the same 3rd server (some are listed here: http://ntp.isc.org/bin/view/Servers/NTPPoolServers)

Next, uninstall Samba if it's installed:

    # rpm -e samba

Get the latest version of Samba:

    $ wget "http://us1.samba.org/samba/ftp/samba-latest.tar.gz"

Expand and install Samba:

    $ tar -zxvf samba*.tar.gz
    $ cd samba-3.0.13
    $ ./configure --prefix=/usr/local/samba --with-ldap --with-ads --with-krb5 --with-pam --with-winbind
    # make && make install

In your smb.conf:

----8<----
wins support = Yes
name resolve order = wins lmhosts hosts bcast
wins server = wins_server_ip_address
netbios name = LINUX_SERVER_NAME
realm = DOMAIN.COM
ads server = 123.123.123.123
security = ADS
encrypt passwords = yes
----8<----

Start Samba:

    # /etc/rc.d/init.d/smb start

To add the Linux computer to the AD, you need to log into the DC and add it as a user with such privileges, so (from the Linux system):

    # /usr/local/samba/bin/net ads join -U Administrator

It should prompt you for Administrator's password. Note that Administrator should be a user with the right to add a computer to the AD. You should see something like:

    Joined 'LINUX_MACHINE_NAME' to realm 'DOMAIN.COM'

To verify this worked, go to the Windows DC and open Active Directory->Users and Computers and look for your Linux machine to be listed there.
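The conditions this procedure depends on (an UPPERCASE realm in krb5.conf, a KDC listed for that realm, the DC entry in the hosts file, and the 5-minute clock limit) can be checked before running kinit or net ads join. The script below is an added example, not part of the original page; its function names and sample file contents are constructed, and the DC's clock reading is assumed to be supplied by the caller as an epoch value.

```shell
#!/bin/sh
# Added example: pre-flight checks before kinit / net ads join. Names are hypothetical.

# Print default_realm from a krb5.conf-style file.
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Succeed only if the realm is non-empty and has no lowercase letters.
realm_is_upper() {
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" ]
}

# Succeed if the block for realm $2 in file $1 names at least one kdc.
realm_has_kdc() {
    awk -v r="$2" '
        $1 == r && $2 == "="    { in_r = 1; next }
        in_r && index($0, "}")  { in_r = 0 }
        in_r && $1 == "kdc"     { f = 1 }
        END { exit !f }' "$1"
}

# Succeed if hosts-format file $1 maps an address to name $2 (comments ignored).
hosts_has() {
    awk -v n="$2" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) f = 1 }
        END { exit !f }' "$1"
}

# Succeed if two epoch times differ by at most 300 s (the 5-minute limit).
skew_ok() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -le 300 ]
}

preflight() {  # args: krb5.conf hosts dc_name local_epoch dc_epoch
    realm=$(krb5_default_realm "$1")
    realm_is_upper "$realm"     || { echo "realm '$realm' must be UPPERCASE"; return 1; }
    realm_has_kdc "$1" "$realm" || { echo "no kdc listed for $realm"; return 1; }
    hosts_has "$2" "$3"         || { echo "$3 missing from hosts file"; return 1; }
    skew_ok "$4" "$5"           || { echo "clock skew over 5 minutes"; return 1; }
    echo "ok"
}

# Constructed sample inputs (not a real site's files).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '1.2.3.4 addc.example.com addc\n' > "$tmp/hosts"
printf '[libdefaults]\n default_realm = DOMAIN.COM\n[realms]\n DOMAIN.COM = {\n  kdc = addc.example.com\n }\n' > "$tmp/krb5.conf"
preflight "$tmp/krb5.conf" "$tmp/hosts" addc.example.com 1000 1100
```

On a real host the call would be preflight /etc/krb5.conf /etc/hosts followed by the DC name, "$(date +%s)" and the DC's time.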
