[Samba] Success with samba4 ( debian wheezy member server )

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 17 10:22:00 MST 2013


On 17/12/13 16:41, Cyril wrote:
> There are some points I don't understand:
>
>
>
>> 1) point your dns ( /etc/resolv.conf ) to the ad server.
>
> Ok, This is done by the DHCP server.
>
>
>> 2) make sure hostname.domainname works.
>>     test it with :  hostname -s ( single name )
>>                 hostname -d ( domainname )
>>                 hostname -f  ( hostname.domainname )
>
> Ok, I add an "A" entry in the DNS Zone.
>
>
>> 3) TIME MUST BE IN SYNC !! ( apt-get install ntp , edit /etc/ntp.conf
>> put in server IPofADserver )
>
> done
>
>>
>> if this works..
>>
>> apt-get install krb5-user sernet-samba-winbind sernet-samba
>
> I'm using ubuntu. So may I install krb5-user samba4-clients winbind4 ?
> I'll have a try ...
>
> Doesn't work on ubuntu 12.04 LTS.
>
> I'm trying with an older version : samba and winbind
>
>
>> check the /etc/krb5.conf file
>> if you don't see your domain ( realm )
>> type : dpkg-reconfigure -plow krb5-user
>> it should fill it, if not fix it yourself.
>>
>
> That's ok
>
>> then go here and copy the smb.conf and put it in /etc/samba
>> http://wiki.samba.org/index.php/Samba/Domain_Member
>> !! change the workgroup and realm, and keep the CAPS !
>>
>> edit /etc/default/sernet-samba
>> put in classic
>>
>
> Does that mean that configuring a linux client is nearly the same as 
> configuring a BDC without sharing or other services ?
>
>> start samba.
>>
>> almost there.
>>
>> check /etc/nsswitch.conf
>> should have.
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> wait 10-20 sec.
>>
>> test
>> kinit administrator
>>
> kinit: KDC reply did not match expectations while getting initial 
> credentials
>
> I think, I'll have to try with newer version of samba and winbind
>
>
>> ( you should see administrator at YOURREALM !  )
>> test ok,  Join the domain.
>> net ads join -U administrator
>>
>> joined ?
>>
>
> Damned; my hostname is too long !
> May I use a FQDN for the workstation ?
>
> After having changed the hostname for something shorter :
>
> Using short domain name -- mydomain
> Joined 'mymachine' to realm 'mydomain.com'
> DNS Update for mymachine.mydomain.com failed: ERROR_DNS_INVALID_MESSAGE
> DNS update failed!
>
> I had to use sudo to use "net ads ..."
>
>> now wbinfo -u etc works
>>
>
> wbinfo -u
> Error looking up domain users
> wbinfo -g
> failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
> Error looking up domain groups
> getent passwd
> getent group
>
> What result should getent give ?
> Looks like it shows me local data ...
>
>> Greetz,
>>
>> Louis
>
> Cyril

Hi, to put it bluntly, your DHCP setup is not going to work. Have a look
here:
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
It will probably give your clients an IP address, but it will not update
the DNS server built into Samba 4.

Rowland
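
An added example, not part of the original messages: a POSIX shell pre-join check for the member-server steps quoted above (resolver, hostname, realm, nsswitch), including the 15-character NetBIOS computer-name limit that is relevant to the hostname length problem reported in the thread. The function names are hypothetical, and the realm check assumes the AD realm is the upper-cased DNS domain of the host.

```shell
#!/bin/sh
# Added example: pre-join checks for the steps quoted in this thread.
# Files are passed as arguments so the checks can be run on copies.

# NetBIOS computer names are limited to 15 characters (short name only).
check_netbios_len() {
    short=${1%%.*}
    [ "${#short}" -le 15 ]
}

# The passwd: and group: lines in nsswitch.conf must both list winbind.
check_nsswitch() {
    for db in passwd group; do
        grep -Eq "^${db}:.*[[:space:]]winbind([[:space:]]|\$)" "$1" || return 1
    done
}

# default_realm in krb5.conf must equal the DNS domain in upper case
# (assumption: the AD realm is the host's DNS domain, upper-cased).
check_realm() {
    want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    realm=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$realm" ] && [ "$realm" = "$want" ]
}

# The first nameserver in resolv.conf must be the AD DC address given.
check_resolver() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ]
}

# usage: preflight <IP of AD server>   (run before "net ads join")
preflight() {
    rc=0
    check_netbios_len "$(hostname -s)" || { echo "short hostname exceeds 15 characters"; rc=1; }
    [ "$(hostname -f)" = "$(hostname -s).$(hostname -d)" ] || { echo "hostname -s/-d/-f do not agree"; rc=1; }
    check_resolver /etc/resolv.conf "$1" || { echo "resolv.conf does not point at $1"; rc=1; }
    check_realm /etc/krb5.conf "$(hostname -d)" || { echo "default_realm missing or not upper-cased domain"; rc=1; }
    check_nsswitch /etc/nsswitch.conf || { echo "winbind missing from passwd/group in nsswitch.conf"; rc=1; }
    return $rc
}
```

Time synchronisation is not covered here; check it separately against the AD server before running kinit.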


