Adding FreeBSD 9 servers to Active Directory with Samba36 and Kerberos

#Take care of time sync issues before anything else
#Configure ntpdate against the domain controller and enable it, or make sure all servers are
#pointed to the same time source; it is best to use the domain controller (Kerberos rejects tickets when clock skew is too large)

vi /etc/rc.conf


#The minimum number of open files the kernel must allow for AD is 16384; set it in /etc/sysctl.conf
vi /etc/sysctl.conf


#Reboot so the changes take effect
#Make sure /etc/hosts is configured properly
#Adjust per system localhost kgfree

#Create krb5.conf
vi /etc/krb5.conf

# NOTE(review): the section headers appear to have been lost in extraction.
# In krb5.conf the three FILE: entries below belong under [logging].
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# NOTE(review): the keys below are [libdefaults] settings.
# dns_lookup_realm = true lets DNS records decide which realm a host maps to;
# whoever can spoof DNS for this host can influence that mapping, so prefer an
# explicit [domain_realm] mapping and turn this off once it is in place.
dns_lookup_realm = true
ticket_lifetime = 24h
renew_lifetime = 7d
# forwardable = true makes every ticket forwardable by default (e.g. ssh
# credential delegation); a forwarded TGT is usable by whoever controls the
# remote host, so keep it only where delegation is actually needed.
forwardable = true
# NOTE(review): these look like a [realms] entry for MYDOMAIN.COM. The kdc and
# admin_server hostnames are blank in this copy and must be filled in (normally
# the domain controller's FQDN); default_domain is usually the DNS domain
# (mydomain.com) rather than the NetBIOS name — confirm against the original.
kdc =
admin_server =
default_domain = MYDOMAIN
kdc =
# NOTE(review): this line is garbled; it looks like a [domain_realm] section
# header fused with its DNS-domain -> realm mapping entries. Confirm against
# the original file before use.
[domain_realm] = MYDOMAIN.COM = MYDOMAIN.COM

#Test kerberos
# Obtains a TGT from the AD KDC to prove krb5.conf is correct. Any valid domain
# account works for this check; a non-privileged test user is preferable to
# typing the Administrator password on a freshly built host.
kinit Administrator@MYDOMAIN.COM
#Confirm the ticket was issued (e.g. with klist)

#Install Samba
cd /usr/ports/net/samba36
make install clean
#Configure the port options (select the following)

[X] LDAP With LDAP support
[X] ADS With Active Directory support
[X] WINBIND With WinBIND support
[X] ACL_SUPPORT With ACL support
[X] SYSLOG With Syslog support
[X] PAM_SMBPASS With PAM authentication vs passdb backends
[X] DNSUPDATE With dynamic DNS update (requires ADS)
[X] POPT With system-wide POPT library

Choose python bindings
No TLS/SSL for cups

#Configure Samba to start
vi /etc/rc.conf


#Configure Samba
vi /usr/local/etc/smb.conf

# NOTE(review): the [global] header appears to have been lost in extraction;
# everything down to "dns proxy" is a global setting.
workgroup = MYDOMAIN
server string = FreeBSD Server
# AD member mode: authentication goes through Kerberos/winbind (needs the ADS
# port option and a working krb5.conf, see above).
security = ads
# NOTE(review): these two idmap lines mix syntaxes. Samba 3.6 expects
#   idmap config * : backend = tdb        (or "rid" for a named domain)
#   idmap config * : range = 10000-20000
# The "idmap_rid:MYDOMAIN=10000-20000" form is the old "idmap backend" style
# and is unlikely to be parsed as intended; check the result with testparm.
idmap config * : range = 10000-20000
idmap config * : backend = idmap_rid:MYDOMAIN=10000-20000
template shell = /bin/sh
# %D = domain, %U = user; the directory itself is created at login by
# pam_mkhomedir (see the sshd PAM section below).
template homedir = /home/%D/%U
winbind use default domain = Yes
# NOTE(review): printer sharing is not needed on an AD member server; "no"
# avoids exposing the print services.
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
# NOTE(review): blank in this copy; drop the line if no WINS server is used.
wins server =
dns proxy = no

# NOTE(review): the [homes] header appears to be missing; these three keys
# are per-share settings for the home directory share.
comment = Home Directories
browseable = no
writable = yes

#Test to make sure the conf file is correct and in the expected location (sometimes you
#may have to move the smb.conf to /usr/local/etc/samba)

#Join the domain
# Joins this host to the domain using the Administrator account (password is
# prompted for). A delegated account with only the right to join computers to
# the domain is sufficient and keeps the Domain Admin password off this host.
net ads join -U Administrator

#For home directory creation we can use pam_mkhomedir
cd /usr/ports/security/pam_mkhomedir
make install clean

#Enable homedir creation with sshd
vi /etc/pam.d/sshd

# NOTE(review): the module names are missing on all three lines (probably lost
# in extraction); the paths stop at /usr/local/lib/ with no .so file. The
# second line looks like pam_winbind.so and the third like pam_mkhomedir.so
# (installed from security/pam_mkhomedir above) — confirm before use.
# "sufficient" means a success here ends the auth stack, so the order of these
# lines matters. Check pam_mkhomedir's permission option so newly created home
# directories are not world-readable.
auth            sufficient             no_warn try_first_pass
auth sufficient /usr/local/lib/ try_first_pass
session required /usr/local/lib/

#Start samba
/usr/local/etc/rc.d/samba start

#Test users and groups (if everything is configured properly you will see a list of domain
#users and groups)
wbinfo -u
wbinfo -g