[Samba] linux client join DC how?

Rowland Penny rowlandpenny at googlemail.com
Mon Jan 5 01:58:33 MST 2015


On 05/01/15 01:37, Bob of Donelson Trophy wrote:
>   
>
> I did a fresh install of Debian with the desktop. I know from Ubuntu
> that the network is handled differently in the desktop and the server
> versions. So, I am assuming it is a similar situation with Debian. I
> could be wrong but . . .
>
> When kerberos installs via the script it (the script) suggests accepting
> the 'defaults on the next three screens.' The first screen included the
> correct default entry but the second and third are blank and as
> instructed I accepted the 'blank' entries.

Yes, that is what happens, you need to set /etc/krb5.conf to this:

[libdefaults]
      default_realm = MYDOMAINNAME.LAN
      dns_lookup_realm = false
      dns_lookup_kdc = true
      ticket_lifetime = 24h
      forwardable = yes


Rowland

>
> I do not know if that has anything to do with my issue but, I thought I
> would point it out.
>
> When I test, samba is running and DNS tests properly.
>
> When I 'net ads join -U Administrator@MYDOMAINNAME.LAN' the entry
> requests my Administrator password. When entered, the cursor shifts to
> the next line and blinks. No connection.
>
> What do you need to know?
>
> ---
>
> -------------------------
>
> Bob Wooden of Donelson Trophy
>
> 615.885.2846 (main)
> www.donelsontrophy.com [2]
>
> "Everyone deserves an award!!"
>
> On 2015-01-04 12:14, Rowland Penny wrote:
>
>> On 04/01/15 18:02, Bob of Donelson Trophy wrote:
>>
>>> I have seen mentioned in other posts that when joining a DC with your linux client there is a way to do it and NOT use Powerbroker Open (new name for Likewise-Open). Where do I find this procedure?
>> OK, it is basically here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server [1]
>>
>> When you stop to think about it, what is a linux client? It is a member server without shares :-)
>>
>> It is very easy:
>>
>> Install samba and stop any samba services that start.
>>
>> edit /etc/samba/smb.conf
>>
>> [global]
>> workgroup = EXAMPLE
>> security = ADS
>> realm = EXAMPLE.COM
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> server string = Samba 4 Client %h
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind use default domain = yes
>> winbind expand groups = 4
>> winbind nss info = rfc2307
>> winbind refresh tickets = Yes
>> winbind normalize names = Yes
>> idmap config * : backend = tdb
>> idmap config * : range = 2000-9999
>> idmap config EXAMPLE : backend = ad
>> idmap config EXAMPLE : range = 10000-999999
>> idmap config EXAMPLE:schema_mode = rfc2307
>> printcap name = cups
>> cups options = raw
>> usershare allow guests = yes
>> domain master = no
>> local master = no
>> preferred master = no
>> os level = 20
>> map to guest = bad user
>> username map = /etc/samba/smbmap
>>
>> create /etc/samba/smbmap
>>
>> !root = EXAMPLE\Administrator Administrator administrator
>>
>> edit /etc/krb5.conf
>>
>> [libdefaults]
>> default_realm = EXAMPLE.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> ticket_lifetime = 24h
>> forwardable = yes
>>
>> make sure that /etc/resolv.conf points to the AD DC, and dns is setup correctly.
>>
>> Then run this command:
>>
>> net ads join -U Administrator@EXAMPLE.COM
>>
>> Enter Administrators password when requested.
>>
>> edit /etc/nsswitch.conf
>>
>> add 'winbind' to passwd & group lines
>>
>> start samba services
>>
>> Rowland
>   
>
> Links:
> ------
> [1] https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> [2] http://www.donelsontrophy.com
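
A pre-join check of the two files edited in the procedure quoted above, as an added example that is not part of the original thread or of Samba: it catches the blank /etc/krb5.conf described in the question before `net ads join` is attempted. The function names and the sample files are constructed for illustration, and the upper-case realm test reflects the usual AD convention rather than anything stated in the thread.

```shell
#!/bin/sh
# Pre-join check of krb5.conf and smb.conf (added example; helper names are hypothetical).

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION], empty if absent.
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s)
                        insec = (tolower(s) == tolower(sec)); next }
        insec { i = index($0, "="); if (i == 0) next
                k = substr($0, 1, i - 1); v = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (tolower(k) == tolower(key)) { print v; exit } }' "$1"
}

# check_join KRB5_CONF SMB_CONF: report problems on stderr, return their count.
check_join() {
    problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }
    krb_realm=$(ini_get "$1" libdefaults default_realm)
    smb_realm=$(ini_get "$2" global realm)
    security=$(ini_get "$2" global security | tr '[:lower:]' '[:upper:]')
    dns_kdc=$(ini_get "$1" libdefaults dns_lookup_kdc | tr '[:upper:]' '[:lower:]')
    if [ -z "$krb_realm" ]; then
        fail "no default_realm in $1 (package defaults left blank?)"
    else
        upper=$(printf '%s' "$krb_realm" | tr '[:lower:]' '[:upper:]')
        [ "$krb_realm" = "$upper" ] || fail "default_realm '$krb_realm' is not upper case"
        [ "$krb_realm" = "$smb_realm" ] || fail "default_realm '$krb_realm' != smb.conf realm '$smb_realm'"
    fi
    [ "$security" = "ADS" ] || fail "smb.conf security is '$security', expected ADS"
    # No [realms] section is used on this page, so the KDC must come from DNS.
    case "$dns_kdc" in false|no|off|0) fail "dns_lookup_kdc is disabled" ;; esac
    return "$problems"
}

# demo: run the check on constructed files (blank krb5.conf, then the corrected one).
demo() {
    d=$(mktemp -d) || return 1
    printf '[global]\n  workgroup = EXAMPLE\n  security = ADS\n  realm = EXAMPLE.COM\n' > "$d/smb.conf"
    printf '[libdefaults]\n' > "$d/krb5.blank"
    printf '[libdefaults]\n  default_realm = EXAMPLE.COM\n  dns_lookup_kdc = true\n' > "$d/krb5.fixed"
    blank=0; check_join "$d/krb5.blank" "$d/smb.conf" 2>/dev/null || blank=$?
    fixed=0; check_join "$d/krb5.fixed" "$d/smb.conf" || fixed=$?
    rm -rf "$d"
    echo "blank=$blank fixed=$fixed"
}

demo
```

On a real client the call would be `check_join /etc/krb5.conf /etc/samba/smb.conf`, with a non-zero exit status meaning the join should not be attempted yet.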


