[Samba] linux client join DC how?
Bob of Donelson Trophy
bob at donelsontrophy.net
Sun Jan 4 18:37:10 MST 2015
I did a fresh install of Debian with the desktop. I know from Ubuntu
that the network is handled differently in the desktop and the server
versions. So, I am assuming it is a similar situation with Debian. I
could be wrong but . . .
When kerberos installs via the script it (the script) suggests accepting
the 'defaults on the next three screens.' The first screen included the
correct default entry but the second and third are blank and as
instructed I accepted the 'blank' entries.
I do not know if that has anything to do with my issue but, I thought I
would point it out.
When I test, samba is running and DNS test properly.
When I 'net ads join -U Administrator at MYDOMAINNAME.LAN' the entry
requests my Administrator password. When entered, the curser shifts to
the next line and blinks. No connection.
What do you need to know?
Bob Wooden of Donelson Trophy
"Everyone deserves an award!!"
On 2015-01-04 12:14, Rowland Penny wrote:
> On 04/01/15 18:02, Bob of Donelson Trophy wrote:
>> I have seen mentioned in other posts that when joining a DC with your linux client there is a way to do it and NOT use Powerbroker Open (new name for Likewise-Open). Where do I find this procedure?
> OK, is basically here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server 
> When you stop to think about it, what is a linux client? it is a member server without shares :-)
> It is very easy:
> Install samba and stop any samba services that start.
> edit /etc/samba/smb.conf
> workgroup = EXAMPLE
> security = ADS
> realm = EXAMPLE.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> server string = Samba 4 Client %h
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind expand groups = 4
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind normalize names = Yes
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config EXAMPLE : backend = ad
> idmap config EXAMPLE : range = 10000-999999
> idmap config EXAMPLE:schema_mode = rfc2307
> printcap name = cups
> cups options = raw
> usershare allow guests = yes
> domain master = no
> local master = no
> preferred master = no
> os level = 20
> map to guest = bad user
> username map = /etc/samba/smbmap
> create /etc/samba/smbmap
> !root = EXAMPLEAdministrator Administrator admionistrator
> edit /etc/krb5.conf
> default_realm = EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> forwardable = yes
> make sure that /etc/resolv.conf points to the AD DC, and dns is setup correctly.
> Then run this command:
> net ads join -U Administrator at EXAMPLE.COM
> Enter Administrators password when requested.
> edit /etc/nsswitch.conf
> add 'winbind' to passwd & group lines
> start samba services
More information about the samba