[Samba] changing server role = standalone server to 'member server'

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 3 13:38:04 MDT 2014


On 03/04/14 20:16, Carl Wilhelm Soderstrom wrote:
> On 04/02 11:18 , steve wrote:
>> You don't want to join the domain as another DC I don't think.
> Thanks for your clarification.
> Almost all the configuration help I find on the web for Samba v4 seems to
> be for setting up the Samba server as the AD server, rather than how to join
> it to an existing AD server.
>
>> To join
>> as a member server you need a minimal smb.conf:
>>
>> [global]
>> workgroup = EXAMPLE
>> realm = EXAMPLE.COM
>> security = ADS
>> kerberos method = system keytab
>>
>> now join:
>> net ads join -UAdministrator
>>
>> That's it.
> Thanks. That *mostly* worked. I did get this error:
>
> root@samba-4:/etc/samba# net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- EXAMPLEAD
> Joined 'SAMBA-4' to dns domain 'ad.example.com'
> DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> However it seems like I am bound to the domain, based on what I see in 'net
> ads info', 'wbinfo -u' and 'wbinfo -t'.

Don't worry about the 'DNS update failed: NT_STATUS_UNSUCCESSFUL' line, 
it is very, very common and is just telling you that the join couldn't 
update DNS; you will be joined to the domain ;-)

>> You may want to use winbind or nslcd or sssd to map uid:gid and other
>> Unix information e.g.
>> https://wiki.samba.org/index.php/Samba/Domain_Member
> Winbind I'm familiar with (mostly in that it seems to break occasionally and
> without reason, and then recovers just as mysteriously, tho I'm not entirely
> sure it's winbind). The others I am not, and will have to look at.
If you are familiar with winbind, then go with that, but it will be 
better if you can add the RFC2307 attributes to your users & groups.

Rowland
> Thanks again, your message was really helpful!
>
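
Added example, not part of the original message or of Samba itself: a small Python check that compares the [global] section of a member-server smb.conf with the `net ads join` output and reports mismatches, including the joined-but-DNS-not-updated case discussed above. Both inputs are constructed from the placeholder values quoted in the thread, which come from two different posters, so they are expected to disagree; the function name `check_member_join` is hypothetical.

```python
import configparser
import re

# Constructed sample: the minimal member-server smb.conf quoted in the thread.
SMB_CONF = """\
[global]
workgroup = EXAMPLE
realm = EXAMPLE.COM
security = ADS
kerberos method = system keytab
"""

# Constructed sample: join output as quoted in the thread (placeholder names).
JOIN_OUTPUT = """\
Using short domain name -- EXAMPLEAD
Joined 'SAMBA-4' to dns domain 'ad.example.com'
DNS update failed: NT_STATUS_UNSUCCESSFUL
"""

def check_member_join(conf_text, join_text):
    """Return findings from comparing smb.conf with `net ads join` output."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp["global"] if cp.has_section("global") else {}
    g = {k.replace(" ", ""): v.strip() for k, v in raw.items()}
    findings = []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    role = g.get("serverrole", "auto").lower()
    if role not in ("auto", "member server", "member"):
        findings.append(f"server role is '{role}', not 'member server'")
    short = re.search(r"Using short domain name -- (\S+)", join_text)
    if short and short.group(1).upper() != g.get("workgroup", "").upper():
        findings.append(f"workgroup '{g.get('workgroup')}' differs from "
                        f"short domain name '{short.group(1)}'")
    dns = re.search(r"to dns domain '([^']+)'", join_text)
    if dns and dns.group(1).upper() != g.get("realm", "").upper():
        findings.append(f"realm '{g.get('realm')}' differs from "
                        f"joined DNS domain '{dns.group(1)}'")
    if not re.search(r"^Joined '", join_text, re.M):
        findings.append("no 'Joined' line: the join itself did not succeed")
    elif "DNS update failed" in join_text:
        findings.append("joined, but the DNS record was not registered")
    return findings

if __name__ == "__main__":
    for finding in check_member_join(SMB_CONF, JOIN_OUTPUT):
        print("-", finding)
```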


