[Samba] Success with samba4 ( debian wheezy member server )

steve steve at steve-ss.com
Tue Dec 17 15:27:14 MST 2013 

On Tue, 2013-12-17 at 17:41 +0100, Cyril wrote:
> There's some points I don't understand :
> 
> 
> 
>  > 1) point your dns ( /etc/resolv.conf ) to the ad server.
> 
> Ok, This is done by the DHCP server.
> 
No chance.

The only way on the member server is to hard code
127.0.0.1 hostname.domainname hostname
to /etc/hosts

> 
> > 2) make user hostname.domainname works.
> > 	test it with :  hostname -s ( single name )
> > 			    hostname -d ( domainname )
> > 			    hostname -f  ( hostname.domainname )
> 
> Ok, I add an "A" entry in the DNS Zone.
> 
Not necessary. This is done when you join the domain.
> 
> > 3) TIME MUST BE IN SYNC !! ( apt-get install ntp , edit /etc/ntp.conf put in server IPofADserver
> 
> done
> 
> >
> > if this works..
> >
> > apt-get install krb5-user sernet-samba-winbind sernet-samba
> 
> I'm using ubuntu. So may I install krb5-user samba4-clients winbind4 ?
> I'll have a try ...
> 
> Doesn't work on ubuntu 12.04 LTS.
> 
> I'm trying with an older version : samba and winbind
> 
> 
> > check the /etc/krb5.conf file
> > if you dont see your domain ( realm )
> > type : dpkg-reconfigure -plow krb5-user
> > it should fill it, if not fix it yourselve.
> >
> 
> That's ok
> 
> > then go here and copy the smb.conf and put it in /etc/samba
> > http://wiki.samba.org/index.php/Samba/Domain_Member
> > !! change the workgroup and realm, and keep the CAPS !
> >
> > edit /etc/default/sernet-samba
> > put in classic
> >
> 
> Does that mean that configuring a linux client is nearly the same as 
> configuring a BDC without sharing or other services ?
> 
> > start samba.
> >
> > almost there.
> >
> > check /etc/nsswitch.conf
> > should have.
> > passwd:         compat winbind
> > group:          compat winbind
> >
> > wait 10-20 sec.
> >
> > test
> > kinit administrator
> >
> kinit: KDC reply did not match expectations while getting initial 
> credentials
> 
> I think, I'll have to try with newer version of samba and winbind
> 
> 
> > ( you should see administrator at YOURREALM !  )
> > test ok,  Join the domain.
> > net ads join -U administrator
> >
> > joined ?
> >
> 
> Damned; my howtname is too long !
> May I use a FQDN for the workstation ?
> 
> After having changed the hostname for something shorter :
> 
> Using short domain name -- mydomain
> Joined 'mymachine' to realm 'mydomain.com'
> DNS Update for mymachine.mydomain.com failed: ERROR_DNS_INVALID_MESSAGE
> DNS update failed!

It failed because the DC does not know the hostname of your member
server. You can add A records but it's better to get this right before
you join the domain. Un join, correct your dns then rejoin. Solution
above.

HTH
Steve

More information about the samba mailing list