[Samba] linux client join DC how?
Rowland Penny
rowlandpenny at googlemail.com
Sun Jan 4 11:14:48 MST 2015
On 04/01/15 18:02, Bob of Donelson Trophy wrote:
>
>
> I have seen mentioned in other posts that when joining a DC with your
> linux client there is a way to do it and NOT use Powerbroker Open (new
> name for Likewise-Open).
>
> Where do I find this procedure?
OK, it is basically here:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
When you stop to think about it, what is a linux client? It is a member
server without shares :-)
It is very easy:
Install samba and stop any samba services that start.
edit /etc/samba/smb.conf
[global]
workgroup = EXAMPLE
security = ADS
realm = EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind normalize names = Yes
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config EXAMPLE : backend = ad
idmap config EXAMPLE : range = 10000-999999
idmap config EXAMPLE:schema_mode = rfc2307
printcap name = cups
cups options = raw
usershare allow guests = yes
domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
username map = /etc/samba/smbmap
create /etc/samba/smbmap
!root = EXAMPLE\Administrator Administrator administrator
edit /etc/krb5.conf
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
Make sure that /etc/resolv.conf points to the AD DC, and DNS is set up
correctly.
Then run this command:
net ads join -U Administrator@EXAMPLE.COM
Enter Administrator's password when requested.
edit /etc/nsswitch.conf
add 'winbind' to passwd & group lines
start samba services
Rowland
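
An added example, not part of the original post: a pre-join check that security is ADS, that the smb.conf realm matches the krb5.conf default_realm, and that the idmap ranges do not overlap. The helper names conf_get, idmap_ranges_ok and check_join_config are hypothetical, and the sample files are constructed from the values in the post.

```shell
#!/bin/sh
# Added example: sanity checks on smb.conf and krb5.conf before "net ads join".
# conf_get, idmap_ranges_ok and check_join_config are hypothetical helper names.

# Print the value of the first "key = value" line whose key matches $2.
conf_get() {  # $1=file  $2=key
    awk -F= -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            print v; exit
        }' "$1"
}

# Succeed only if no two "idmap config X : range = lo-hi" ranges overlap;
# overlapping ranges let two different domain accounts share one Unix ID.
idmap_ranges_ok() {  # $1=smb.conf
    awk -F= '
        BEGIN { n = 0 }
        tolower($1) ~ /^[ \t]*idmap config .*:[ \t]*range[ \t]*$/ {
            r = $2; gsub(/[ \t]/, "", r); split(r, b, "-")
            lo[n] = b[1] + 0; hi[n] = b[2] + 0; n++
        }
        END {
            for (i = 0; i < n; i++) for (j = i + 1; j < n; j++)
                if (lo[i] <= hi[j] && lo[j] <= hi[i]) exit 1
        }' "$1"
}

check_join_config() {  # $1=smb.conf  $2=krb5.conf
    rc=0
    realm=$(conf_get "$1" realm)
    [ "$(conf_get "$1" security | tr 'a-z' 'A-Z')" = "ADS" ] || { echo "security is not ADS"; rc=1; }
    [ -n "$realm" ] && [ "$realm" = "$(conf_get "$2" default_realm)" ] || { echo "realm does not match default_realm"; rc=1; }
    idmap_ranges_ok "$1" || { echo "idmap ranges overlap"; rc=1; }
    return $rc
}

# Constructed sample input using the values from the post.
demo=$(mktemp -d)
printf '%s\n' '[global]' 'security = ADS' 'realm = EXAMPLE.COM' \
    'idmap config * : range = 2000-9999' \
    'idmap config EXAMPLE : range = 10000-999999' > "$demo/smb.conf"
printf '%s\n' '[libdefaults]' 'default_realm = EXAMPLE.COM' > "$demo/krb5.conf"
check_join_config "$demo/smb.conf" "$demo/krb5.conf" && echo "config looks consistent"
```

On a real machine, call check_join_config /etc/samba/smb.conf /etc/krb5.conf before running the join.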