[Samba] Success with samba4 ( debian wheezy member server )

Cyril cyril.lalinne at 3d-com.fr
Tue Dec 17 09:41:08 MST 2013 

There's some points I don't understand :



 > 1) point your dns ( /etc/resolv.conf ) to the ad server.

Ok, This is done by the DHCP server.


> 2) make user hostname.domainname works.
> 	test it with :  hostname -s ( single name )
> 			    hostname -d ( domainname )
> 			    hostname -f  ( hostname.domainname )

Ok, I add an "A" entry in the DNS Zone.


> 3) TIME MUST BE IN SYNC !! ( apt-get install ntp , edit /etc/ntp.conf put in server IPofADserver

done

>
> if this works..
>
> apt-get install krb5-user sernet-samba-winbind sernet-samba

I'm using ubuntu. So may I install krb5-user samba4-clients winbind4 ?
I'll have a try ...

Doesn't work on ubuntu 12.04 LTS.

I'm trying with an older version : samba and winbind


> check the /etc/krb5.conf file
> if you dont see your domain ( realm )
> type : dpkg-reconfigure -plow krb5-user
> it should fill it, if not fix it yourselve.
>

That's ok

> then go here and copy the smb.conf and put it in /etc/samba
> http://wiki.samba.org/index.php/Samba/Domain_Member
> !! change the workgroup and realm, and keep the CAPS !
>
> edit /etc/default/sernet-samba
> put in classic
>

Does that mean that configuring a linux client is nearly the same as 
configuring a BDC without sharing or other services ?

> start samba.
>
> almost there.
>
> check /etc/nsswitch.conf
> should have.
> passwd:         compat winbind
> group:          compat winbind
>
> wait 10-20 sec.
>
> test
> kinit administrator
>
kinit: KDC reply did not match expectations while getting initial 
credentials

I think, I'll have to try with newer version of samba and winbind


> ( you should see administrator at YOURREALM !  )
> test ok,  Join the domain.
> net ads join -U administrator
>
> joined ?
>

Damned; my howtname is too long !
May I use a FQDN for the workstation ?

After having changed the hostname for something shorter :

Using short domain name -- mydomain
Joined 'mymachine' to realm 'mydomain.com'
DNS Update for mymachine.mydomain.com failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed!

I had to use sudo to use "net ads ..."

> now wbinfo -u etc works
>

wbinfo -u
Error looking up domain users
wbinfo -g
failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
Error looking up domain groups
getent passwd
getent group

What result should give getent ?
Looks like it show me local data ...

> Greetz,
>
> Louis

Cyril

More information about the samba mailing list