[Samba] Linux machine to join Samba Domain
c.vikas at altechtechnologies.com
Sat Mar 29 10:08:11 MDT 2014
On Saturday 29 March 2014 06:50 PM, Robert Heller wrote:
> At Sat, 29 Mar 2014 17:50:59 +0530 vikas <c.vikas at altechtechnologies.com> wrote:
>> On Tuesday 18 March 2014 08:32 PM, Sven Schwedas wrote:
>>> On 2014-03-18 15:48, vikas wrote:
>>>> hi.. all...
>>>> can some one help me understanding how to add linux (mostly ubuntu,suse
>>>> what exactly i am looking for is what one should do on linux machine
>>>> like editing /etc/nsswitch.conf, pam related file etc.. but i don't find
>>>> any standard way where one can add any linux machine to samba domain
>>> Because there isn't any. :-)
>>>> my goal is to just get authenticate through Samba
>>> There's several ways for that...
>>> o Use winbindd. This is probably the most direct equivalent to Windows'
>>> "domain join". It's also crap and only has very limited features right
>>> now (Shell, home etc. aren't read from AD, but statically configured).
>>> o Use pam_ldap, and nss_ldap, and pam_ccreds, and probably half a dozen
>>> other ill-documented tidbits and not-quite-sufficient software bits and
>>> stitch together a working environment. It's as flexible as it's error
>>> prone, but should work with all corner cases and distributions. Eventually.
>>> o Use sssd. It's made by RedHat and should be the default for CentOS,
>>> and works sufficiently well with Samba. Needs a bit more client-side
>>> configuration than winbind iirc, but actually uses the provided AD
>>> information like shell and home dir.
>>>> Windows machine are successful getting connected to samba with all
>>>> policy working like USB disable through regedit, disable drives etc.
>>> All of these provide authentication only, though. There's no policy
>>> support, you'd need to use some other sync/deployment method for PolKit
>>> et. al. (and can't configure them via AD, as far as I know).
>> i am trying to authenticate linux machine to samba4 for which i am
>> trying very hard to do using below mentioned links
>> okay so what is the question ?
>> someone told me "you can use ldap to authenticate there is no need to
>> join linux machine to samba" so i searched and got this link
>> which doesn't mention joining linux OR probably i am not able to
>> understand it wholly what it is saying due to my confusion..?
>> So how do i authenticate linux using ldap ?
> Assuming the server is a Linux server running samba and using OpenLDAP as the
> authentication system, then the linux *client* has no need of the samba
> server itself, unless you are only serving the home directory via samba (and
> not running nfs on the Linux server running samba).
>> Did you get success using above link ?
>> using linuxcosta link i was somewhat near to success(joined domain ) but
>> not able to login using domain user the only error it was showing was
>> could not contact to ldap server (on local machine) . On server there
>> was no error activity.
> The *first* step is to ask these questions about the LDAP setup on the
> 1) Is the server making LDAP available on the local subset (as opposed to only
> 127.0.0.1 for the local smb process)?
> 2) Is the server using ldap: or ldaps: or something else?
> 3) If the server is using SSL or TLS, what is it using as a certificate? Who
> signed the certificate (self-signed or not)?
> 4) What is Base on the server set to?
> With the answers to these questions, you have the information you need to
> configure /etc/ldap.conf on the client and then nsswitch.conf to use ldap
> authentication. You will need the PAM LDAP libraries installed as well, so
> that PAM can talk to the ldap server (using configuration info in
> /etc/ldap.conf). This gets users authenticated. This is all pretty
> straightforward. The only other issues are things like firewall settings. The Linux
> server needs to have a 'hole' in its firewall for LDAP: port 389 for non-SSL
> and port 636 if using SSL have to be open on the server, assuming the server
> is running a firewall against the LAN. (It probably already has this open,
> since it is my understanding that AD services is just M$ terminology for LDAP,
> so if the M$ boxes are authenticating with AD, they are actually using LDAP
> themselves, but don't quote me on that.)
> The next step is dealing with $HOME. If the server can run nfsd and friends
> (any Linux machine can do this, if all of the pieces are installed), that
> would be *easiest*. Just a matter of exporting whatever file system $HOME is
> on, usually /home, which presumably is a separate file system from / (if not
> you have a really dumb system admin). If that is the case, the client just
> needs /sbin/mount.nfs* (nfs-utils) and autofs installed. You then just need an
> automount pattern for /home/$USER to mount server:/home/$USER. If NFS is not
> happening, you'll need support for mounting Samba shares under Linux
> (mount.cifs, which should be in the samba-client package), which is somewhat
> nasty because you need to pass authentication information on the mount
> command. The thing here is that NFS is the 'native' (easy) Linux file sharing
> and Netbios (Samba) is the 'foreign' (hard) thing.
>> if someone can post their method of linux using samba4 would be great ..
thanks for reply..
As far as ldap is concerned i am pretty new to it still learning/reading
much stuff on that. I have installed samba using
Samba 4.1.5 installed on centos 6.3 64bit bare server
After reading some stuff i figured out that ldap is integrated into
samba (which i don't understand in a broader view like how this is
working, if someone knows please tell). I just installed phpldapadmin
thought that i can see ldap database but no success. (just for information)
my setup is pretty simple just to get authenticate through samba4
whether linux or windows but for linux i am still trying to get things done.
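
Added example, not part of the original thread: a small shell audit that checks a client's /etc/ldap.conf against the four questions in the quoted reply (server reachable from the client, ldap: versus ldaps:, certificate checking, search base). It assumes the `uri`, `base`, `ssl` and `tls_checkpeer` keys read by pam_ldap/nss_ldap; the sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Keys are those read by pam_ldap/nss_ldap from /etc/ldap.conf.

# conf_get FILE KEY: print the last value given for KEY (lower-case), skipping comments.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_ldap_conf FILE: print one finding per line, nothing if the file passes.
audit_ldap_conf() {
    uri=$(conf_get "$1" uri)
    base=$(conf_get "$1" base)
    ssl=$(conf_get "$1" ssl)
    peer=$(conf_get "$1" tls_checkpeer)

    # Q1: the client must point at the server, not at itself.
    case $uri in
        "") echo "uri: not set" ;;
        *://localhost*|*://127.*) echo "uri: points at the local machine" ;;
    esac
    # Q2: plain ldap:// without StartTLS sends the bind password in cleartext.
    case $uri in
        ldap://*) [ "$ssl" = "start_tls" ] || echo "transport: cleartext ldap:// without start_tls" ;;
    esac
    # Q3: TLS with peer checking switched off accepts any certificate.
    [ "$peer" != "no" ] || echo "tls_checkpeer: certificate verification disabled"
    # Q4: lookups need the server's search base.
    [ -n "$base" ] || echo "base: not set"
    return 0
}

# Constructed sample: a client file with the mistakes the checks look for.
write_sample() {
    cat > "$1" <<'EOF'
# constructed example, not from the thread
uri ldap://127.0.0.1/
ssl no
tls_checkpeer no
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp); write_sample "$tmp"; audit_ldap_conf "$tmp"; rm -f "$tmp"
fi
```

Run with `--demo` to see the four findings for the constructed file, or call `audit_ldap_conf /etc/ldap.conf` on a client.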