[Samba] security = ads parameter not working in samba 4.9.5
Rowland penny
rpenny at samba.org
Tue Nov 26 14:04:54 UTC 2019
On 26/11/2019 13:41, Sac Isilia via samba wrote:
> Hi Team,
>
> I need to join the server in AD domain using winbind . Below are the
> package version for reference. The server runs Debian 10 and the default
> install of samba is 4.9.5.
>
> ii samba 2:4.9.5+dfsg-5+deb10u1
> amd64 SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.9.5+dfsg-5+deb10u1
> all common files used by both the Samba server and client
>
> ii winbind 2:4.9.5+dfsg-5+deb10u1
> amd64 service to resolve user and group information from Windows
> NT servers
>
> I searched the internet and few samba mailing list and found that it was
> a bug and security = ads will produce error if you start winbind . The
> moment i put in smb.conf "security = user" the winbind starts
> successfully but the server is not joined to domain when i run the command
> net ads join -U xxx I get the below error.
>
> Host is not configured as a member server.
> Invalid configuration. Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I just couldn't find any solution to the above if samba runs on 4.9.5.
> Please help me so that I can join the server to AD domain.
>
I take it that you haven't read the Samba wiki ?
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Setting_up_a_Basic_smb.conf_File
I would go and read that and then return with any questions you might
have ;-)
But in the mean time, 'security = ADS' clashes with 'server role =
standalone server'
The other question is, is sssd installed ?
If it is, then remove it, you cannot use sssd with winbind.
You are also probably going to need a few extra packages:
acl attr libpam-winbind libpam-krb5 libnss-winbind krb5-config krb5-user ntp
Rowland
More information about the samba
mailing list