[Samba] Success with samba4 ( debian wheezy member server )
Cyril
cyril.lalinne at 3d-com.fr
Wed Dec 18 01:59:19 MST 2013
On 17/12/2013 23:27, steve wrote:
> On Tue, 2013-12-17 at 17:41 +0100, Cyril wrote:
>> There are some points I don't understand:
>>
>>
>>
>> > 1) point your dns ( /etc/resolv.conf ) to the ad server.
>>
>> Ok, This is done by the DHCP server.
>>
> No chance.
>
> The only way on the member server is to hard code
> 127.0.0.1 hostname.domainname hostname
> to /etc/hosts
>
I think that's already the case; the workstations (Windows and Linux) are
resolving the server name correctly without any modification to the client
network configuration.
>>
>>> 2) make sure hostname.domainname works.
>>> test it with : hostname -s ( single name )
>>> hostname -d ( domainname )
>>> hostname -f ( hostname.domainname )
>>
>> Ok, I add an "A" entry in the DNS Zone.
>>
> Not necessary. This is done when you join the domain.
I agree when joining a Windows workstation.
But with a Linux workstation, I wasn't able to join without an entry in
the DNS server.
>>
>>> 3) TIME MUST BE IN SYNC !! ( apt-get install ntp , edit
>>> /etc/ntp.conf put in server IPofADserver
>>
>> done
>>
>>>
>>> if this works..
>>>
>>> apt-get install krb5-user sernet-samba-winbind sernet-samba
>>
>> I'm using ubuntu. So may I install krb5-user samba4-clients winbind4 ?
>> I'll have a try ...
>>
>> Doesn't work on ubuntu 12.04 LTS.
>>
>> I'm trying with an older version : samba and winbind
>>
>>
>>> check the /etc/krb5.conf file
>>> if you don't see your domain ( realm )
>>> type : dpkg-reconfigure -plow krb5-user
>>> it should fill it, if not fix it yourself.
>>>
>>
>> That's ok
>>
>>> then go here and copy the smb.conf and put it in /etc/samba
>>> http://wiki.samba.org/index.php/Samba/Domain_Member
>>> !! change the workgroup and realm, and keep the CAPS !
>>>
>>> edit /etc/default/sernet-samba
>>> put in classic
>>>
>>
>> Does that mean that configuring a linux client is nearly the same as
>> configuring a BDC without sharing or other services ?
>>
>>> start samba.
>>>
>>> almost there.
>>>
>>> check /etc/nsswitch.conf
>>> should have.
>>> passwd: compat winbind
>>> group: compat winbind
>>>
>>> wait 10-20 sec.
>>>
>>> test
>>> kinit administrator
>>>
>> kinit: KDC reply did not match expectations while getting initial
>> credentials
>>
>> I think, I'll have to try with newer version of samba and winbind
>>
>>
>>> ( you should see administrator at YOURREALM ! )
>>> test ok, Join the domain.
>>> net ads join -U administrator
>>>
>>> joined ?
>>>
>>
>> Damned; my hostname is too long !
>> May I use a FQDN for the workstation ?
>>
>> After having changed the hostname for something shorter :
>>
>> Using short domain name -- mydomain
>> Joined 'mymachine' to realm 'mydomain.com'
>> DNS Update for mymachine.mydomain.com failed: ERROR_DNS_INVALID_MESSAGE
>> DNS update failed!
>
> It failed because the DC does not know the hostname of your member
> server. You can add A records but it's better to get this right before
> you join the domain. Unjoin, correct your dns then rejoin. Solution
> above.
>
> HTH
> Steve
>
On that network, I don't have any server other than the Samba DC.
I used an old version of Samba and winbind on the Linux workstation.
I'll have a try with a newer version.
Thanks Steve
Cyril
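
Added example, not part of the original thread and not Samba's own tooling: a shell pre-flight for three of the prerequisites discussed above, run before `net ads join`. It checks the short host name length (NetBIOS machine names are limited to 15 characters), an upper-case realm in smb.conf, and winbind in nsswitch.conf. The function names, the long sample host name and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-join checks for a Samba domain member (sample data is constructed).

# NetBIOS machine names are limited to 15 characters; test the short host name.
check_name_len() {
    short=${1%%.*}                      # drop any domain part
    [ "${#short}" -le 15 ]
}

# smb.conf must carry a realm, written in upper case ("keep the CAPS").
check_realm_caps() {
    realm=$(sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$realm" ] || return 1
    [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]
}

# nsswitch.conf ($1) must list winbind for the database in $2 (passwd or group).
check_nss_winbind() {
    grep -Eq "^$2:(.*[[:space:]])?winbind([[:space:]]|\$)" "$1"
}

# Run every check, print one line per failure, return the number of failures.
preflight() {
    fails=0
    check_name_len "$1" || { echo "FAIL: '$1' is longer than 15 characters"; fails=$((fails + 1)); }
    check_realm_caps "$2" || { echo "FAIL: realm missing or not upper case in $2"; fails=$((fails + 1)); }
    for db in passwd group; do
        check_nss_winbind "$3" "$db" || { echo "FAIL: $db lacks winbind in $3"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample files standing in for /etc/samba/smb.conf and /etc/nsswitch.conf.
demo=$(mktemp -d)
printf '[global]\n   workgroup = MYDOMAIN\n   realm = MYDOMAIN.COM\n' > "$demo/smb.conf"
printf 'passwd: compat winbind\ngroup:  compat winbind\n' > "$demo/nsswitch.conf"

preflight accounting-workstation-01 "$demo/smb.conf" "$demo/nsswitch.conf" || echo "$? check(s) failed"
preflight mymachine "$demo/smb.conf" "$demo/nsswitch.conf" && echo "mymachine: ready to join"
rm -rf "$demo"
```

On a real member server, pass `"$(hostname -s)"`, `/etc/samba/smb.conf` and `/etc/nsswitch.conf` to `preflight`.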