[Samba] AD-Integration of Samba4 AD DC machine itself?
Rowland Penny
rowlandpenny at googlemail.com
Wed Mar 12 10:12:29 MDT 2014
On 12/03/14 15:34, Sven Geggus wrote:
> Hello,
>
> I have quite some experiance integration Linux Machines into AD
> (mostly the M$ one up to now).
>
> But now I have a Samba AD DC, which works fine so far.
>
> If I understand this correctly, the server itself does not need to be "part"
> of the domain itself as far as user administration is concerned, right?
Wrong, if you look carefully when you provision the domain, you will see
that the server gets joined to the domain, the users then become part of
the domain, just like a windows domain.
>
> For using nss-ldapd I would need a valid /etc/krb5.keytab instead of the
> samba4 integrated database for kerberos principals.
>
> Can I do the following:
>
> 1. run "samba-tool domain exportkeytab /etc/krb5.keytab"
Yes
> 2. stop samba: /etc/init.d/samba stop
If this is what starts and stops your samba4 server, then yes
> 3. add "kerberos method = system keytab" to /etc/samba/smb.conf
Why???
> 4. start samba: /etc/init.d/samba start
Yes
>
> If so will users and computers added in futuere end up in /etc/krb5.keytab
> as expected?
Should do, they do on my server.
>
> Furthermore, which tool can I use to duplicate the "MACHINE$@REALM"
> prinzipal of my DC to the Unix style name style host/machine at REALM?
Again, why?, do you do this with a windows AD server?
Could you please explain what you are trying do and what you expect to
happen.
Rowland
>
> Regards
>
> Sven
>
More information about the samba
mailing list