[Samba] How to join a Linux machine to a Samba4 domain

L.P.H. van Belle belle at bazuin.nl
Fri Jan 31 04:10:03 MST 2014


If you want as clean an install as possible:

Install Debian, select minimal, expert mode; at the menu choose only ssh-server. 
Set up your basic server. 

So, if you only want a domain member server for file sharing: 

http://wiki.samba.org/index.php/Samba/Domain_Member 
The Debian way: 
put this in a file, /etc/apt/sources.list.d/debian-backports.list : 
# Debian Wheezy Backports repository
# stable = wheezy
deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free
#deb-src http://ftp.debian.org/debian/ wheezy-backports main contrib non-free

apt-get update 

Install a time server:
apt-get install ntp 
and configure ntp to get the time from your DC.

Set your resolv.conf to your Windows DC: 
add 
nameserver IP_OF_DC
search YOURDOMAIN.TLD to resolv.conf 
domain YOURDOMAIN.TLD to resolv.conf 

Check your /etc/hosts ( and correct it ) 
( remove the 127.0.1.1 line ) 
Put the IP of the new server you are configuring in your DNS.

now 
apt-get install krb5-user acl xattr attr
( no need to change anything if resolv.conf is set ok for krb5-user) 

apt-get install winbind -t wheezy-backports
( and if you want: libnss-winbind libpam-winbind ) 
( and then don't forget to configure the nsswitch.conf )

Join the domain, and set up Samba. 

This is not needed in Debian ( from the wiki ): "Make domain users/groups available locally through winbind", 
if you are using the packages. 

Start with the basic config from the wiki. 
If you need rfc2307, install the Unix extensions on your Windows server, 
and they are available. 

Good luck. 




>-----Original message-----
>From: sven.schwedas at tao.at 
>[mailto:samba-bounces at lists.samba.org] On behalf of Sven Schwedas
>Sent: Friday 31 January 2014 11:49
>To: samba at lists.samba.org
>Subject: Re: [Samba] How to join a Linux machine to a Samba4 domain
>
>On 2014-01-31 11:24, Lea Massiot wrote:
>>> No. If you want to create a share and serve files from it then it's not a
>>> minimum install. 
>>> You will have to run smbd. 
>>> In this case, I'd install from source exactly as you did for the DC. 
>>> But _do not_ provision it as a DC.
>> 
>> Ok. So indeed, a minimum install is not what I need after all.
>
>
>I think the confusion comes from you referring to the file _server_
>intended to provide shares as _client_. :-)
>
>The file server, which is a domain *member*, needs a full samba4 package
>like the DC, it's just going to be configured differently.
>
>Workstations that access the file shares, i.e. *clients*, only need a
>compatible smbclient package (I'd recommend using the same version to
>avoid problems, but your distribution's smbclient package should suffice).
>
>>> You are also going to need some sort of id mapping so that you know which
>>> users own which files.
>>> This may or may not affect the [global] section of your smb.conf.
>> 
>> This I do not understand.
>>
>>> We now move into an area in which I am no longer allowed to help :(
>> 
>> This I do not understand either.
>
>There's a tiny shitstorm about which is the preferred way to
>authenticate users on samba4 member servers against AD domains (winbindd
>vs. sssd vs. pam_ldap). You might want to take a look into the mailing
>list archives about the pros and cons of the alternatives, there've been
>some threads about it and summarizing would take too long (50% of the
>mailing list volume this month, I think).
>
>> What's the use of a domain if there are no shares on the machines both Linux
>> and Windows?
>> I mean, it is a Samba(4) domain, not a pure "Windows" domain.
>
>A Samba 4 domain is intended to be indistinguishable from a Windows
>domain (with msSFU).
>
>> Maybe I'm missing a point but this is what actually a domain controller is
>> useful for in my company: having shares on the machines accessing them
>> securely and freely.
>
>The domain controller should only provide a domain (via the samba
>dæmon), shares should be provided by member servers, via smbd.
>
>
>-- 
>Mit freundlichen Grüßen, / Best Regards,
>Sven Schwedas
>Systemadministrator
>TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
>Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
>http://software.tao.at
>
>
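
The preparation steps at the top of this message (resolv.conf pointing at the DC, the 127.0.1.1 line removed from /etc/hosts, nsswitch.conf configured for winbind) can be checked before attempting the join. The script below is an added example, not part of the original post; the function name, the file-path arguments and the sample values (192.0.2.10, example.test) are assumptions, and the nsswitch.conf check assumes libnss-winbind was installed.

```shell
#!/bin/sh
# Added example, not from the original post. Pre-join check for the
# preparation steps in this message. File paths are arguments so it can
# be run against copies; dc_ip and domain are supplied by the caller.
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

check_member_prereqs() {
    resolv=$1 hosts=$2 nss=$3 dc_ip=$4 domain=$5
    problems=0
    # resolv.conf: the DC must be listed as a nameserver
    awk -v ip="$dc_ip" '$1 == "nameserver" && $2 == ip { f = 1 } END { exit !f }' "$resolv" \
        || fail "$resolv: no 'nameserver $dc_ip' line"
    # resolv.conf: a search or domain line must name the AD DNS domain
    awk -v d="$domain" '$1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) f = 1
        } END { exit !f }' "$resolv" \
        || fail "$resolv: no search/domain entry for $domain"
    # /etc/hosts: the 127.0.1.1 line must be gone
    if awk '$1 == "127.0.1.1" { f = 1 } END { exit !f }' "$hosts"; then
        fail "$hosts: 127.0.1.1 line still present"
    fi
    # nsswitch.conf: only relevant when libnss-winbind is installed
    for db in passwd group; do
        awk -v db="$db:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") f = 1 }
            END { exit !f }' "$nss" \
            || fail "$nss: '$db' does not list winbind"
    done
    return "$problems"
}

# Demo on constructed sample files (not real system files).
demo_dir=$(mktemp -d)
printf 'nameserver 192.0.2.10\nsearch example.test\n' > "$demo_dir/resolv.conf"
printf '127.0.0.1 localhost\n127.0.1.1 member1\n' > "$demo_dir/hosts"
printf 'passwd: compat winbind\ngroup: compat\n' > "$demo_dir/nsswitch.conf"
check_member_prereqs "$demo_dir/resolv.conf" "$demo_dir/hosts" \
    "$demo_dir/nsswitch.conf" 192.0.2.10 example.test || echo "problems: $?"
```

On a real member server the call would be `check_member_prereqs /etc/resolv.conf /etc/hosts /etc/nsswitch.conf IP_OF_DC YOURDOMAIN.TLD`; the return value is the number of failed checks.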


