July 23, 2005

Joining CentOS 4 Samba to an Active Directory domain

Start with the official HOWTO on joining Samba 3 to an ADS domain.

  • Don’t forget to set up NTP on your Windows server unless you’re going to have your Linux box synchronize to your Windows box. I’ve got both Windows and Linux synchronizing to pool.ntp.org.
  • Make sure dns_lookup_kdc = true in /etc/krb5.conf, or else a kinit to your ADS realm will fail.

Everything else seemed to work as documented.

Don’t bother using authconfig (or system-config-authentication or redhat-config-authentication or whatever is in the authconfig-gtk package). I decided to turn on winbind in nsswitch.conf with that, in hopes it would make some other important changes. Instead it basically fucked up /etc/krb5.conf. Just go ahead and put winbind on those couple lines in /etc/nsswitch.conf yourself. Actually, I think it may have made one other potentially useful change: template shell = /bin/false in /etc/samba/smb.conf.
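
A quick way to re-check the settings mentioned above after a tool such as authconfig has rewritten the files. This is an added example, not part of the original post. It assumes dns_lookup_kdc sits in the [libdefaults] section of krb5.conf and that the nsswitch.conf lines in question are passwd and group; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: verify the krb5.conf, nsswitch.conf and smb.conf settings
# this post relies on. File paths are arguments so copies can be checked.

# Succeeds if "dns_lookup_kdc = true" appears inside [libdefaults].
# A copy of the setting in another section (e.g. [realms]) does not count.
check_krb5() {
    sed -n '/^[[:space:]]*\[libdefaults\]/,/^[[:space:]]*\[/p' "$1" |
        grep -Eiq '^[[:space:]]*dns_lookup_kdc[[:space:]]*=[[:space:]]*true[[:space:]]*$'
}

# Succeeds if database $2 (passwd or group) lists winbind as a source.
# Comments are stripped first so "# winbind" is not mistaken for the real thing.
check_nss() {
    sed 's/#.*//' "$1" |
        grep -E "^[[:space:]]*$2:" |
        grep -Eq '(^|[[:space:]:])winbind([[:space:]]|$)'
}

# Prints the last "template shell" value set in smb.conf (empty if unset).
# Matches the lowercase, single-space spelling used in the post.
template_shell() {
    sed -n 's/^[[:space:]]*template shell[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}

# Runs all checks; returns non-zero if a required setting is missing.
check_ads_join_config() {
    krb5=${1:-/etc/krb5.conf}
    nss=${2:-/etc/nsswitch.conf}
    smb=${3:-/etc/samba/smb.conf}
    rc=0
    check_krb5 "$krb5" ||
        { echo "FAIL: dns_lookup_kdc = true not in [libdefaults] of $krb5"; rc=1; }
    for db in passwd group; do
        check_nss "$nss" "$db" ||
            { echo "FAIL: winbind not on the $db line of $nss"; rc=1; }
    done
    tshell=$(template_shell "$smb")
    # Informational only: /bin/false means domain users get no login shell.
    echo "INFO: template shell = ${tshell:-<not set>}"
    return $rc
}
```

Source the file and run `check_ads_join_config` with no arguments to check the live files in /etc, or pass three paths to check saved copies.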