[Samba] How to join a Linux machine to a Samba4 domain

Sven Schwedas sven.schwedas at tao.at
Fri Jan 31 03:48:41 MST 2014

On 2014-01-31 11:24, Lea Massiot wrote:
>> No. If you want to create a share and serve files from it then it's not a
>> minimum install. 
>> You will have to run smbd. 
>> In this case, I'd install from source exactly as you did for the DC. 
>> But _do not_ provision it as a DC.
> Ok. So indeed, a minimum install is not what I need after all.

I think the confusion comes from you referring to the file _server_
intended to provide shares as _client_. :-)

The file server, which is a domain *member*, needs a full samba4 package
like the DC, it's just going to be configured differently.

Workstations that access the file shares, i.e. *clients*, only need a
compatible smbclient package (I'd recommend using the same version to
avoid problems, but your distribution's smbclient package should suffice).

>> You are also going to need some sort of id mapping so that you know which
>> users own which files.
>> This may or may not affect the [global] section of your smb.conf.
> This I do not understand.
>> We now move into an area in which I am no longer allowed to help :(
> This I do not understand either.

There's a tiny shitstorm about which is the preferred way to
authenticate users on samba4 member servers against AD domains (winbindd
vs. sssd vs. pam_ldap). You might want to take a look into the mailing
list archives about the pros and cons of the alternatives, there've been
some threads about it and summarizing would take too long (50% of the
mailing list volume this month, I think).

> What's the use of a domain if there are no shares on the machines both Linux
> an Windows?
> I mean, it is a Samba(4) domain, not a pure "Windows" domain.

A Samba 4 domain is intended to be indistinguishable from a Windows
domain (with msSFU).

> Maybe I'm missing a point but this is what actually a domain controller is
> useful for in my company: having shares on the machines accessing them
> securely and freely.

The domain controller should only provide a domain (via the samba
dæmon), shares should be provided by member servers, via smbd.

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140131/600c00dd/attachment.pgp>

More information about the samba mailing list