[Samba] Samba 4.1.9 member server config in a samba 4 ADS Domain

Rowland Penny rowlandpenny at googlemail.com
Tue Jul 22 07:19:59 MDT 2014 

On 22/07/14 14:03, Daniel Müller wrote:
> Dear all,
>
> I try to setup a samba 4 member server on centos 6.5. The wikis and howtos I
> have found are very confusing.
> Which is the right way to do this. So winbind can map the domain users and
> groups.
> What I have done yet is,
> Set up Kerberos working and can contact my ADS-kerberos Servers:
>    klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at TPLK.LOC
>
> Valid starting     Expires            Service principal
> 07/22/14 12:34:21  07/22/14 22:34:21  krbtgt/TPLK.LOC at TPLK.LOC
>          renew until 07/29/14 12:34:18
>
> Installed samba4.1.9 from gz without any provision.
> Set winbind right : ldconfig -v |grep winbind
> ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-431.20.3.el6.x86_64.conf:6:
> duplicate hwcap 1 nosegneg
>          libnss_winbind.so -> libnss_winbind.so.2
>          libnss_winbind.so -> libnss_winbind.so.2
>
> set /etc/nsswitch.conf
> to:
> passwd:     files winbind
> shadow:     files
> group:      files  winbind
>
> hosts:      files dns
>
> Do I have to provision the samba4 server in any way to establish a
> /usr/local/samba/etc/smb.conf?

No, you do not provision.

> Or do I make smb.conf by hand?

Yes, you will have to create your smb.conf, this is usually where the 
problems start, easiest way is to use RFC2307 attributes and the ad 
backend, but you could use the rid backend or some other backend that 
virtually few people use.

> Do I have to start windbind in server protocols im [global]!?

winbind is a deamon just like smbd, so you need to start it just like 
smbd, but I think that you mean 'do I have to add winbind lines to the 
global part of smb.conf', if so, then yes if you want to use winbind.

> What is the way to join right to the samba4 ads domain?

I normally just use the 'net' command:

net ads join -U Administrator at EXAMPLE.COM

Rowland

>
> Greetings
> Daniel
>
>
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>   
>
>

More information about the samba mailing list