[Samba] Linux machine to join Samba Domain
Rowland Penny
rowlandpenny at googlemail.com
Wed Apr 2 06:28:32 MDT 2014
On 02/04/14 13:20, vikas wrote:
> Hi
> thanks for reply,
>
> i need to start from scratch can some one tell/help with sssd.
>
> question after reading
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
> what should i do to start ? Do i have to install sssd on server ?
>
> i tried to compile latest version on client ubuntu 12.04 64bit but it
> was asking that you do not have any openldap server so i though i
> should go with apt-get install samba-common-bin sssd sssd-tools autofs
> krb5-user ?
>
>
If you need the latest (well not quite the latest) sssd for 12.04, see here:
https://launchpad.net/~sssd/+archive/updates
Rowland
> Samba compile and domain option used:
> ./configure --enable-debug --enable-selftest
> $/usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive
>
> smb.conf *short version *
> [global]
> workgroup = IK
> realm = IK.LOCAL
> netbios name = DC
> server role = active directory domain controller
> dns forwarder = 192.168.1.1
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%I
> log level = 0
> printing = bsd
> printcap name = /dev/null
> syslog = 0
> # include = /usr/local/samba/etc/smb.conf.client-%I
>
> smb.conf *long version*
> http://pastebin.com/P0V8BxAF
>
>
> PS: i just tried likewise which worked great but it was not what i
> want. Just thinking that if likewise can work, without modifying any
> thing on server how do i start with other tool(sssd,nslcd etc)
>
> On Saturday 29 March 2014 06:33 PM, steve wrote:
>> On Sat, 2014-03-29 at 17:50 +0530, vikas wrote:
>>> On Tuesday 18 March 2014 08:32 PM, Sven Schwedas wrote:
>>>> On 2014-03-18 15:48, vikas wrote:
>>>>> hi.. all...
>>>>>
>>>>> can some one help me understanding how to add linux (mostly ubuntu,suse
>>>>> etc)
>>>>>
>>>>> what exactly i am looking for is what one should do on linux machine
>>>>> like editing /etc/nssswitch.conf, pam related file etc..but i dont find
>>>>> any standard way where one can add any linux machine to samba domain
>>>> Because there isn't any. :-)
>>>>
>>>>> my goal is to just get authenticate through Samba
>>>> There's several ways for that...
>>>>
>>>> . Use winbindd. This is probably the most direct equivalent to Windows'
>>>> "domain join". It's also crap and only has very limited features right
>>>> now (Shell, home etc. aren't read from AD, but statically configured).
>>>>
>>>> . Use pam_ldap, and nss_ldap, and pam_ccreds, and probably half a dozen
>>>> other ill-documented tidbits and not-quite-sufficient software bits and
>>>> stitch together a working environment. It's as flexible as it's error
>>>> prone, but should work with all corner cases and distributions. Eventually.
>>>>
>>>> . Use sssd. It's made by RedHat and should be the default for CentOS,
>>>> and works sufficiently well with Samba. Needs a bit more client-side
>>>> configuration than winbind iirc, but actually uses the provided AD
>>>> information like shell and home dir.
>>>>
>>>>
>>>>> Windows machine are successful getting connected to samba with all
>>>>> policy working like USB disable through regedit, disable drives etc.
>>>> All of these provide authentication only, though. There's no policy
>>>> support, you'd need to use some other sync/deployment method for PolKit
>>>> et. al. (and can't configure them via AD, as far as I know).
>>>>
>>>>
>>> Hi..all
>>> i am trying to authenticate linux machine to samba4 for which i am
>>> trying very hard to do using below mention links
>>> http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
>>> http://zachbethel.wordpress.com/2013/04/10/linux-ldap-authentication-with-samba4/
>>>
>>> using linuxcosta link i was somewhat near to success(joined domain ) but
>>> not able to login using domain user the only error it was showing was
>>> could not contact to ldap server (on local machine) . On server there
>>> was no error activity.
>> OK, you you've joined the domain but can't authenticate? Please post:
>> -smb.conf
>> -/etc/krb5.conf
>> -the output of:
>> klist -ke /etc/krb5.keytab
>> -/etc/nslcd.conf
>> -/etc/nsswitch.conf
>>
>> And we'll get you authenticated.
>> Cheers,
>> Steve
>
>
>
>> On Saturday 29 March 2014 06:48 PM, Rowland Penny wrote:
>> Just what did you do? and what are you confused about?
>> From what you have posted, I think that you want to authenticate ubuntu
>> & suse clients to a Centos samba4 AD server. This should not be a
>> problem if you follow the instructions on Steves blog :
>> http://linuxcostablanca.blogspot.com.es
>>
>> Just try coming forward in time a bit on his blog, sometime in April
>> 2013, I think.
>>
>>
>> Rowland
>>
>>
>>
>>
>
More information about the samba
mailing list