[Samba] Question on approach to authenticate Linux against Samba4

steve steve at steve-ss.com
Thu Jul 25 15:00:41 MDT 2013

On Thu, 2013-07-25 at 19:14 +0000, dahopkins at comcast.net wrote:
> Thank you for the very quick response.  But in trying to follow the
> suggested link, there are few steps are different. 
> First, Step 3 is to install various packages. I already have
> auth-client-config installed which had installed libpam_ldap and
> libnss-ldap since I simply pulled this system into the test
> environment rather than rebuild from scratch. I have uninstalled these
> and then added libnss-ldapd and libpam-ldapd along with the kerberos
> packages.


>   Issue is that I was never asked for a Kerberos realm or IP of the
> DC.  I should have mentioned that this system is running 10.04, not
> 12.04. So .. which config file do I need to edit to ensure that the IP
> of the DC is correctly specified? 

DNS does that so you don't need to. Just run:
sudo dpkg-reconfigure krb5-config
simply copy /usr/local/samba/private/krb5.conf from the DC to /etc on
the client

For good measure add the DC to /etc/hosts on the client.

>  I also installed nslcd.


> Step 6: I already have samba-common, and samba-common-bin (latest for
> 10.04) installed.

10.04 . Did these go in OK?
sasl2-bin libsasl2-2 libsasl2-modules libsasl2-modules-gssapi-mit

>   I'd assume I need to uninstall these and install samba4 instead
> (especially as step 8 is to join the domain).
No. You only need enough of samba on the client to get the net command
to join the domain. Any old version of samba will do. What you have is
more than enough.

More information about the samba mailing list