[Samba] Linux machine to join Samba Domain

vikas c.vikas at altechtechnologies.com
Wed Apr 2 06:20:02 MDT 2014 

Hi
thanks for reply,

i need to start from scratch can some one tell/help with sssd.

question after reading 
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
what should i do to start ? Do i have to install sssd on server ?

i tried to compile latest version on client ubuntu 12.04 64bit but it 
was asking that you do not have any openldap server so i though i should 
go with apt-get install samba-common-bin sssd sssd-tools autofs krb5-user ?


Samba compile and domain option used:

./configure --enable-debug --enable-selftest

$/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive


smb.conf *short version *
[global]
         workgroup = IK
         realm = IK.LOCAL
         netbios name = DC
         server role = active directory domain controller
         dns forwarder = 192.168.1.1
         idmap_ldb:use rfc2307 = yes
         log file = /var/log/samba/log.%I
         log level = 0
         printing = bsd
         printcap name = /dev/null
         syslog = 0
#       include = /usr/local/samba/etc/smb.conf.client-%I

smb.conf *long version*
http://pastebin.com/P0V8BxAF


PS: i just tried likewise which worked great but it was not what i want. 
Just thinking that if likewise can work, without modifying any thing on 
server how do i start with other tool(sssd,nslcd etc)

     On Saturday 29 March 2014 06:33 PM, steve wrote:
> On Sat, 2014-03-29 at 17:50 +0530, vikas wrote:
>> On Tuesday 18 March 2014 08:32 PM, Sven Schwedas wrote:
>>> On 2014-03-18 15:48, vikas wrote:
>>>> hi.. all...
>>>>
>>>> can some one help me understanding how to add linux (mostly ubuntu,suse
>>>> etc)
>>>>
>>>> what exactly i am looking for is what one should do on linux machine
>>>> like editing /etc/nssswitch.conf, pam related file etc..but i dont find
>>>> any standard way where one can add any linux machine to samba domain
>>> Because there isn't any. :-)
>>>
>>>> my goal is to just get authenticate through Samba
>>> There's several ways for that...
>>>
>>>    . Use winbindd. This is probably the most direct equivalent to Windows'
>>> "domain join". It's also crap and only has very limited features right
>>> now (Shell, home etc. aren't read from AD, but statically configured).
>>>
>>>    . Use pam_ldap, and nss_ldap, and pam_ccreds, and probably half a dozen
>>> other ill-documented tidbits and not-quite-sufficient software bits and
>>> stitch together a working environment. It's as flexible as it's error
>>> prone, but should work with all corner cases and distributions. Eventually.
>>>
>>>    . Use sssd. It's made by RedHat and should be the default for CentOS,
>>> and works sufficiently well with Samba. Needs a bit more client-side
>>> configuration than winbind iirc, but actually uses the provided AD
>>> information like shell and home dir.
>>>
>>>
>>>> Windows machine are successful getting connected to samba with all
>>>> policy working like USB disable through regedit, disable drives etc.
>>> All of these provide authentication only, though. There's no policy
>>> support, you'd need to use some other sync/deployment method for PolKit
>>> et. al. (and can't configure them via AD, as far as I know).
>>>
>>>
>> Hi..all
>> i am trying to authenticate linux machine to samba4 for which i am
>> trying very hard to do using below mention links
>> http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
>> http://zachbethel.wordpress.com/2013/04/10/linux-ldap-authentication-with-samba4/
>>
>> using linuxcosta link i was somewhat near to success(joined domain ) but
>> not able to login using domain user the only error it was showing was
>> could not contact to ldap server (on local machine) . On server there
>> was no error activity.
> OK, you you've joined the domain but can't authenticate? Please post:
> -smb.conf
> -/etc/krb5.conf
> -the output of:
> klist -ke /etc/krb5.keytab
> -/etc/nslcd.conf
> -/etc/nsswitch.conf
>
> And we'll get you authenticated.
> Cheers,
> Steve



> On Saturday 29 March 2014 06:48 PM, Rowland Penny wrote:
> Just what did you do? and what are you confused about?
>  From what you have posted, I think that you want to authenticate ubuntu
> & suse clients to a Centos samba4 AD server. This should not be a
> problem if you follow the instructions on Steves blog :
> http://linuxcostablanca.blogspot.com.es
>
> Just try coming forward in time a bit on his blog, sometime in April
> 2013, I think.
>
>
> Rowland
>
>
>
>

More information about the samba mailing list