[Samba] Samba 4 : File server
Andrew Bartlett
abartlet at samba.org
Mon Feb 11 14:51:19 MST 2013
On Mon, 2013-02-11 at 16:54 +0100, BOTZ Franck (Informaticien) - DDT
67/SG/MGI/CI wrote:
> Hi !
>
> I have installed a DC with samba-tool command and it works perfectly !
>
> Control AD with the 2003 tools is very amazing, thanks for the job !
>
> So, my next step is to install a file server as a member of the AD and
> not as a DC
>
> I read carfully this one :
> https://wiki.samba.org/index.php/Samba4/Domain_Member
>
> Compiling samba :
>
> * ./configure --with-ads --with-shared-modules=idmap_ad
> --enable-debug --enable-selftest --prefix=/samba
>
> First of all why --with-ads ? It is not the default feature ?
It is, but what this changes is that the compile will fail (prompting
you to install some development headers, typically) if the right things
are not found. The is very helpful, and long ago I promised to make
that the default behaviour. Sadly I never got around to it.
> * make
> * make install
>
> The krb5.conf was fill with that :
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = DDCS67.INTRA
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> forwardable = yes
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> What is appsection ? It is not necessary in a DC wich sharing a
> directory. But why not.
>
> After that , the smb.conf
>
> I was wondering that the smb.conf must be fill by the hand. For the DC,
> running samba-tool command will generate a smb.conf. Before doing this I
> search the options of samba-tool and i find this :
>
> samba-tool domain join DDCS67 --realm=DDCS67.intra -U Administrator
> Password for [WORKGROUP\Administrator]:
> Joined domain DDCS67 (S-1-5-21-1814795784-576591386-2449700327)
>
> Fine, the domain is join !! And the server appear as a Computer in the
> MMC. Good !
>
> Let's run /samba/sbin/samba
>
> The log are :
> At this time the 'samba' binary should only be used for either: 'server
> role = active directory domain controller' or to access the ntvfs file
> server with 'server services = +smb' or the rpc proxy with 'dcerpc
> endpoint servers = remote'
> You should start smbd/nmbd/winbindd instead for domain member and
> standalone file server tasks
>
> Is it me or i read the ntvfs is deprecatted ?
>
> So I run the/samba/sbin/smbd, but with no smb.conf the server does not start
>
> Tesparm give me :
> Load smb config files from /samba/etc/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:OpenConfFile() - Unable to open configuration file
> "/samba/etc/smb.conf":
>
> Can i Genrate a valid smb.conf for a member with samba-tool ?
I do apologise for this not being as integrated as you would expect.
I'm very proud of the new level of ease of use found in 'samba-tool' and
in the AD DC configuration. Sadly while this command will successfully
join you to the domain, it does not currently generate the smb.conf.
You don't need much, just set:
[globals]
server role = domain member
workgroup = DDCS67
realm = DDCS67.intra
BTW, while I've hooked up 'samba-tool' to work, the advertised command
for joining a domain member is 'net ads join'. We are working to
consolidate the code, but currently it is a different codebase. From my
understanding however, it also will not generate the smb.conf.
I hope this helps, and feel free to file a bug as fixing this should not
be difficult.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list