[Samba] Linux machine to join Samba Domain

vikas c.vikas at altechtechnologies.com
Wed Apr 2 10:11:36 MDT 2014


Okay, installed the latest sssd and created the sssd.conf file; now where to go?
How do I auth using a Domain user? Or is there anything more to do? How
do I verify things are now working (getent group shows only local info)?

sssd.conf
[domain/IK.LOCAL]

autofs_provider = ldap
cache_credentials = False
debug_level = 6
krb5_realm = IK.LOCAL
ldap_search_base = ou=users,dc=ik,dc=local
id_provider = ldap
auth_provider = ldap
min_id = 10
max_id = 99999
chpass_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://192.168.10.16/
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
#ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_group_search_base = ou=group,dc=ik,dc=local
ldap_user_name=uid
[sssd]
services = nss, pam, autofs
config_file_version = 2

domains = IK.LOCAl
[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]


add entry to hosts and resolv.conf

On Wednesday 02 April 2014 05:58 PM, Rowland Penny wrote:
> On 02/04/14 13:20, vikas wrote:
>> Hi
>> thanks for reply,
>>
>> i need to start from scratch can some one tell/help with sssd.
>>
>> question after reading 
>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
>> what should i do to start ? Do i have to install sssd on server ?
>>
>> I tried to compile the latest version on client Ubuntu 12.04 64bit but it
>> was asking that you do not have any openldap server so I thought I
>> should go with apt-get install samba-common-bin sssd sssd-tools
>> autofs krb5-user ?
>>
>>
> If you need the latest (well not quite the latest) sssd for 12.04, see 
> here:
>
> https://launchpad.net/~sssd/+archive/updates
>
> Rowland
>> Samba compile and domain option used:
>> ./configure --enable-debug --enable-selftest
>> $ /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
>>
>> smb.conf *short version*
>> [global]
>>         workgroup = IK
>>         realm = IK.LOCAL
>>         netbios name = DC
>>         server role = active directory domain controller
>>         dns forwarder = 192.168.1.1
>>         idmap_ldb:use rfc2307 = yes
>>         log file = /var/log/samba/log.%I
>>         log level = 0
>>         printing = bsd
>>         printcap name = /dev/null
>>         syslog = 0
>> #       include = /usr/local/samba/etc/smb.conf.client-%I
>>
>> smb.conf *long version*
>> http://pastebin.com/P0V8BxAF
>>
>>
>> PS: i just tried likewise which worked great but it was not what i 
>> want. Just thinking that if likewise can work, without modifying any 
>> thing on server how do i start with other tool(sssd,nslcd etc)
>>
>>     On Saturday 29 March 2014 06:33 PM, steve wrote:
>>> On Sat, 2014-03-29 at 17:50 +0530, vikas wrote:
>>>> On Tuesday 18 March 2014 08:32 PM, Sven Schwedas wrote:
>>>>> On 2014-03-18 15:48, vikas wrote:
>>>>>> hi.. all...
>>>>>>
>>>>>> can someone help me understand how to add linux (mostly ubuntu, suse etc.)
>>>>>>
>>>>>> what exactly i am looking for is what one should do on the linux machine,
>>>>>> like editing /etc/nsswitch.conf, pam related files etc., but i don't find
>>>>>> any standard way where one can add any linux machine to samba domain
>>>>> Because there isn't any. :-)
>>>>>
>>>>>> my goal is to just get authenticate through Samba
>>>>> There's several ways for that...
>>>>>
>>>>>    . Use winbindd. This is probably the most direct equivalent to Windows'
>>>>> "domain join". It's also crap and only has very limited features right
>>>>> now (Shell, home etc. aren't read from AD, but statically configured).
>>>>>
>>>>>    . Use pam_ldap, and nss_ldap, and pam_ccreds, and probably half a dozen
>>>>> other ill-documented tidbits and not-quite-sufficient software bits and
>>>>> stitch together a working environment. It's as flexible as it's error
>>>>> prone, but should work with all corner cases and distributions. Eventually.
>>>>>
>>>>>    . Use sssd. It's made by RedHat and should be the default for CentOS,
>>>>> and works sufficiently well with Samba. Needs a bit more client-side
>>>>> configuration than winbind iirc, but actually uses the provided AD
>>>>> information like shell and home dir.
>>>>>
>>>>>
>>>>>> Windows machine are successful getting connected to samba with all
>>>>>> policy working like USB disable through regedit, disable drives etc.
>>>>> All of these provide authentication only, though. There's no policy
>>>>> support, you'd need to use some other sync/deployment method for PolKit
>>>>> et al. (and can't configure them via AD, as far as I know).
>>>>>
>>>>>
>>>> Hi..all
>>>> i am trying to authenticate a linux machine to samba4, which i am
>>>> trying very hard to do using the links mentioned below
>>>> http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
>>>>
>>>> http://zachbethel.wordpress.com/2013/04/10/linux-ldap-authentication-with-samba4/
>>>>
>>>>
>>>> using the linuxcosta link i was somewhat near to success (joined domain) but
>>>> not able to login using a domain user; the only error it was showing was
>>>> could not contact ldap server (on local machine). On the server there
>>>> was no error activity.
>>> OK, you've joined the domain but can't authenticate? Please post:
>>> -smb.conf
>>> -/etc/krb5.conf
>>> -the output of:
>>> klist -ke /etc/krb5.keytab
>>> -/etc/nslcd.conf
>>> -/etc/nsswitch.conf
>>>
>>> And we'll get you authenticated.
>>> Cheers,
>>> Steve
>>
>>
>>
>>> On Saturday 29 March 2014 06:48 PM, Rowland Penny wrote:
>>> Just what did you do? and what are you confused about?
>>> From what you have posted, I think that you want to authenticate ubuntu
>>> & suse clients to a Centos samba4 AD server. This should not be a
>>> problem if you follow the instructions on Steve's blog:
>>> http://linuxcostablanca.blogspot.com.es
>>>
>>> Just try coming forward in time a bit on his blog, sometime in April
>>> 2013, I think.
>>>
>>>
>>> Rowland
>>>
>>>
>>>
>>>
>>
>
>
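
Added example, not part of the original message or of sssd itself: a small Python check run over the domain-name and TLS lines of the sssd.conf posted at the top of this message. The sample text is constructed from that config; the function name and finding codes are hypothetical, and the option defaults used (`ldap_id_use_start_tls` false, `ldap_tls_reqcert` hard) are those documented in sssd-ldap(5).

```python
import configparser

# Constructed sample: the security-relevant lines of the sssd.conf in the post.
SAMPLE = """\
[domain/IK.LOCAL]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://192.168.10.16/
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
[sssd]
services = nss, pam, autofs
domains = IK.LOCAl
"""

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_sssd_conf(text):
    """Return (code, message) findings for an sssd.conf passed as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    defined = [s[len("domain/"):] for s in cp.sections() if s.startswith("domain/")]
    # Every name in [sssd] domains should have an identically spelled section.
    for name in _csv(cp.get("sssd", "domains", fallback="")):
        if name not in defined:
            findings.append(("DOMAIN_MISMATCH",
                             f"domains lists {name!r}; sections define {defined}"))
    for name in defined:
        sec = cp["domain/" + name]
        plain = any(u.lower().startswith("ldap://") for u in _csv(sec.get("ldap_uri", "")))
        start_tls = sec.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        if plain and not start_tls:
            findings.append(("CLEARTEXT_ID",
                             f"{name}: identity lookups use ldap:// without StartTLS"))
        if plain and sec.get("auth_provider", "").strip().lower() == "ldap":
            findings.append(("AUTH_NEEDS_TLS",
                             f"{name}: auth_provider=ldap requires TLS/SSL or LDAPS"))
        # 'never' and 'allow' both accept a certificate that fails validation.
        if sec.get("ldap_tls_reqcert", "hard").strip().lower() in ("never", "allow"):
            findings.append(("CERT_NOT_VERIFIED",
                             f"{name}: ldap_tls_reqcert does not reject a bad server certificate"))
    return findings

if __name__ == "__main__":
    for code, message in audit_sssd_conf(SAMPLE):
        print(f"{code}: {message}")
```
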


