[Samba] Trouble of setting samba with join AD
Adhi N. Wirawan
adhi at balicasa.net
Wed Apr 8 22:22:35 MDT 2015
I used this command to provision the domain
sudo /usr/bin/samba-tool domain provision --realm test.sg --domain TEST
--adminpass Pa$$worD --server-role=dc
here below i include my /etc/samba/smb.conf :
# Global parameters
[global]
workgroup = TEST
realm = TEST.SG
netbios name = 4ecapsvsg6
server role = active directory domain controller
dns forwarder = 10.153.64.1
server services = +dns,+dnsupdate
allow dns updates = nonsecure and secure
username map = /etc/samba/smbusers
security = ads
debug level = 3
log level = 0
log file = /var/log/samba4/log.%m
max log size = 50
client lanman auth = yes
bind interfaces only = no
follow symlinks = yes
wide links = yes
unix extensions = no
idmap_ldb:use rfc2307 = Yes
kdc:service ticket lifetime = 36000
kdc:user ticket lifetime = 36000
kdc:renewal lifetime = 36000
#printcap name = /dev/null
#load printers = yes
#disable spoolss = yes
#printing = bsd
socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 TCP_NODELAY
read raw = no
[netlogon]
path = /home/samba/netlogon
# path = /var/db/samba4/sysvol/test.sg/scripts
read only = No
[sysvol]
path = /var/db/samba4/sysvol
read only = No
[Profiles]
path = /mnt/raid/Profiles
read only = No
create mask = 0600
directory mask = 0700
hide unreadable = yes
store dos attributes = Yes
csc policy = disable
profile acls = Yes
vfs object = recycle
recycle:repository = /mnt/raid/.recycle/Profiles/%u/%I/%m/%S
recycle:keeptree = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = Thumbs.db *.tmp *.temp ~$*
recycle:touch = Yes
# shares
[public]
path = /mnt/raid/public
read only = No
hide unreadable = No
vfs object = recycle
recycle:repository = /mnt/raid/.recycle/Public/%u/%I/%m/%S
recycle:keeptree = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = Thumbs.db *.tmp *.temp ~$*
[TEST]
path = /mnt/raid/public
read only = No
hide unreadable = yes
vfs object = recycle
recycle:repository = /mnt/raid/.recycle/TEST/%u/%I/%m/%S
recycle:keeptree = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = Thumbs.db *.tmp *.temp ~$*
[Resources]
path = /mnt/raid/Resources
read only = No
hide unreadable = yes
vfs object = recycle
recycle:repository = /mnt/raid/.recycle/Resources/%u/%I/%m/%S
recycle:keeptree = Yes
recycle:versions = Yes
recycle:maxsize = 0
recycle:exclude = Thumbs.db *.tmp *.temp ~$*
[printers]
path = /var/spool/samba
printable = yes
printing = CUPS
[print$]
path = /mnt/raid/PrinterDrivers
comment = Printer Drivers
writeable = yes
And my /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.SG
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
RC4-HMAC DES-CBC-CRC DES-CBC-MD5
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
renewable = true
ticket_lifetime = 365d
renew_lifetime = 1000d
[realms]
TEST.SG = {
kdc = 4ecapsvsg6.test.sg:88
admin_server = 4ecapsvsg6.test.sg:749
default_domain = test.sg
}
[domain_realm]
.test.sg = TEST.SG
test.sg = TEST.SG
[appdefaults]
pam = {
debug = false
forwardable = true
renewable = true
ticket_lifetime = 365d
renew_lifetime = 1000d
krb4_convert = false
}
So how do i 'sanitized' 4ecapsvsg6 ?
-Adhi-
---CUT---
>>~# smbclient //4ecapsvsg6/netlogon -UAdministrator%"Pa$$worD" -c 'ls'
>>session setup failed: NT_STATUS_NO_LOGON_SERVERS
>>
>>without it i cannot continue join the domain
>>
>>can you help me out here ?
>>
>
>I think we are going have to see the smb.conf (sanitized) from '4ecapsvsg6'
>
>How did you provision the domain, what command did you use ?
>
>Rowland
More information about the samba
mailing list