[Samba] Linux machine to join Samba Domain

vikas c.vikas at altechtechnologies.com
Sat Mar 29 10:08:11 MDT 2014


On Saturday 29 March 2014 06:50 PM, Robert Heller wrote:
> At Sat, 29 Mar 2014 17:50:59 +0530 vikas <c.vikas at altechtechnologies.com> wrote:
>
>>
>> On Tuesday 18 March 2014 08:32 PM, Sven Schwedas wrote:
>>> On 2014-03-18 15:48, vikas wrote:
>>>> hi.. all...
>>>>
>>>> can someone help me understand how to add linux (mostly ubuntu, suse
>>>> etc)
>>>>
>>>> what exactly i am looking for is what one should do on linux machine
>>>> like editing /etc/nsswitch.conf, pam related file etc..but i don't find
>>>> any standard way where one can add any linux machine to samba domain
>>> Because there isn't any. :-)
>>>
>>>> my goal is to just get authenticated through Samba
>>> There's several ways for that...
>>>
>>>    o Use winbindd. This is probably the most direct equivalent to Windows'
>>> "domain join". It's also crap and only has very limited features right
>>> now (Shell, home etc. aren't read from AD, but statically configured).
>>>
>>>    o Use pam_ldap, and nss_ldap, and pam_ccreds, and probably half a dozen
>>> other ill-documented tidbits and not-quite-sufficient software bits and
>>> stitch together a working environment. It's as flexible as it's error
>>> prone, but should work with all corner cases and distributions. Eventually.
>>>
>>>    o Use sssd. It's made by RedHat and should be the default for CentOS,
>>> and works sufficiently well with Samba. Needs a bit more client-side
>>> configuration than winbind iirc, but actually uses the provided AD
>>> information like shell and home dir.
>>>
>>>
>>>> Windows machine are successful getting connected to samba with all
>>>> policy working like USB disable through regedit, disable drives etc.
>>> All of these provide authentication only, though. There's no policy
>>> support, you'd need to use some other sync/deployment method for PolKit
>>> et al. (and can't configure them via AD, as far as I know).
>>>
>>>
>> Hi..all
>> i am trying to authenticate linux machine to samba4 for which i am
>> trying very hard to do using the links mentioned below
>> http://linuxcostablanca.blogspot.com.es/2013/04/ubuntu-client-for-samba4.html
>> http://zachbethel.wordpress.com/2013/04/10/linux-ldap-authentication-with-samba4/
>>
>> okay so what is the question ?
>> someone told me "you can use ldap to authenticate there is no need to
>> join linux machine to samba" so i searched and got this link
>> http://zachbethel.wordpress.com/2013/04/10/linux-ldap-authentication-with-samba4/
>> which doesn't mention joining linux OR probably i am not able to
>> understand it wholly what it is saying due to my confusion..?
>>
>> So how do i authenticate linux using ldap ?
> Assuming the server is a Linux server running samba and using OpenLDAP as the
> authentication system, then the linux *client* has no need of the samba
> server itself, unless you are only serving the home directory via samba (and
> not running nfs on the Linux server running samba).
>
>> Did you get success using above link ?
>> using linuxcosta link i was somewhat near to success(joined domain ) but
>> not able to login using domain user the only error it was showing was
>> could not contact to ldap server (on local machine) . On server there
>> was no error activity.
> The *first* step is to ask these questions about the LDAP setup on the
> server:
>
> 1) Is the server making LDAP available on the local subnet (as opposed to only
> 127.0.0.1 for the local smb process)?
>
> 2) Is the server using ldap: or ldaps: or something else?
>
> 3) If the server is using SSL or TLS, what is it using as a certificate? Who
> signed the certificate (self-signed or not)?
>
> 4) What is Base on the server set to?
>
> With the answers to these questions, you have the information you need to
> configure /etc/ldap.conf on the client and then nsswitch.conf to use ldap
> authentication.  You will need the PAM LDAP libraries installed as well, so
> that PAM can talk to the ldap server (using configuration info in
> /etc/ldap.conf).  This gets users authenticated.  This is all pretty
> straightforward.  The only other issues are things like firewall settings.  The Linux
> server needs to have a 'hole' in its firewall for LDAP: port 389 for non-SSL
> and port 636 if using SSL have to be open on the server, assuming the server
> is running a firewall against the LAN. (It probably already has this open,
> since it is my understanding that AD services is just M$ terminology for LDAP,
> so if the M$ boxes are authenticating with AD, they are actually using LDAP
> themselves, but don't quote me on that.)
>
> The next step is dealing with $HOME. If the server can run nfsd and friends
> (any Linux machine can do this, if all of the pieces are installed), that
> would be *easiest*. Just a matter of exporting whatever file system $HOME is
> on, usually /home, which presumably is a separate file system from / (if not
> you have a really dumb system admin). If that is the case, the client just
> needs /sbin/mount.nfs* (nfs-utils) and autofs installed. You then just need an
> automount pattern for /home/$USER to mount server:/home/$USER. If NFS is not
> happening, you'll need support for mounting Samba shares under Linux
> (mount.cifs, which should be in the samba-client package), which is somewhat
> nasty because you need to pass authentication information on the mount
> command. The thing here is that NFS is the 'native' (easy) Linux file sharing
> and Netbios (Samba) is the 'foreign' (hard) thing.
>
>> if someone can post their method of linux using samba4 would be great ..
>>
>> thanks...
>>
thanks for reply..

As far as ldap is concerned i am pretty new to it still learning/reading 
much stuff on that. I have installed samba using 
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

Samba 4.1.5 installed on centos 6.3 64bit bare server

After reading some stuff i figured out that ldap is integrated into 
samba (which i don't understand in a broader view like how this is 
working, if someone knows please tell). I just installed phpldapadmin 
thought that i can see ldap database but no success. (just for information)

my setup is pretty simple just to get authenticated through samba4 
whether linux or windows but for linux i am still trying to get things done.

thanks
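
The four questions in the quoted reply (reachable address, ldap: or ldaps:, certificate, base) correspond to keys in the client's /etc/ldap.conf. The following is an added example, not part of the original thread: a Python check over constructed nss_ldap/pam_ldap-style configs that reports a loopback server URI, a cleartext bind, disabled certificate checking and a missing base. The host name, base DN and CA path are placeholders.

```python
from urllib.parse import urlparse

# Constructed samples; host, base DN and CA path are placeholders.
WEAK = "uri ldap://127.0.0.1/\nssl off\n"
HARDENED = """\
uri ldaps://dc1.example.test/
base dc=example,dc=test
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""

def parse(text):
    """Parse 'key value' lines; '#' starts a comment, keys are lower-cased."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return (code, detail) findings for one client ldap.conf."""
    conf, out = parse(text), []
    uris = conf.get("uri", "").split()
    if not uris and not conf.get("host"):
        out.append(("no-server", "neither uri nor host is set"))
    start_tls = conf.get("ssl", "").lower() == "start_tls"
    for uri in uris:
        u = urlparse(uri)
        # Q1: a loopback URI only works on the server itself.
        if u.hostname in ("127.0.0.1", "::1", "localhost"):
            out.append(("loopback", uri + " points at the client itself"))
        # Q2: ldap:// without StartTLS sends a simple bind password in cleartext.
        if u.scheme == "ldap" and not start_tls:
            out.append(("cleartext", uri + " has no TLS"))
    encrypted = start_tls or any(urlparse(u).scheme == "ldaps" for u in uris)
    # Q3: with TLS on, the certificate check must not be switched off and a
    # CA should be named (needed when the server cert is self-signed).
    if encrypted and conf.get("tls_checkpeer", "").lower() == "no":
        out.append(("no-verify", "tls_checkpeer no disables certificate checks"))
    if encrypted and not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        out.append(("no-ca", "no CA file or directory named in this file"))
    # Q4: the search base must match the server's base DN.
    if not conf.get("base"):
        out.append(("no-base", "base is not set"))
    return out

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

When tls_checkpeer is left unset, the result depends on libldap's own defaults, so the check only reports an explicit "no".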


