[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain
Rowland Penny
rowlandpenny at googlemail.com
Wed Jun 3 15:46:03 MDT 2015
On 03/06/15 22:04, ivenhov wrote:
> Thanks Rowland.
> I understand smb.conf is a bit messy and can affect performance but it should
> not prevent me from joining the domain.
>
> Here you go:
>
> [global]
> workgroup = MYNAT
> realm = MYNAT.MYCO.BCU
> server string = My server %h
> security = ADS
> password server = dc1001.mynat.myco.bcu
> map to guest = Bad User
> obey pam restrictions = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> server max protocol = SMB2
> min receivefile size = 13638
> max xmit = 131072
> load printers = no
> printcap name = /dev/null
> disable spoolss = yes
> dns proxy = No
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> template homedir = /dev/null
> template shell = /bin/true
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> idmap config * : range = 100000-200000
> idmap config * : backend = tdb
> aio read size = 1
> aio write size = 1
> aio write behind = true
> use sendfile = yes
> write cache size = 12826144
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
> #winbind max domain connections = 5
> max protocol = SMB2
> large readwrite = yes
> winbind offline logon = false
> #winbind max clients = 1000
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> print ok = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
>
>
>
> Kerberos
> cat /etc/krb5.conf
> [libdefaults]
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = MYNAT.MYCO.BCU
>
> # The following krb5.conf variables are only for MIT Kerberos.
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> # The following libdefaults parameters are only for Heimdal Kerberos.
> v4_instance_resolve = false
> v4_name_convert = {
> host = {
> rcmd = host
> ftp = ftp
> }
> plain = {
> something = something-else
> }
> }
> fcc-mit-ticketflags = true
>
> [realms]
> MYNAT.MYCO.BCU = {
> kdc = dc1001.mynat.myco.bcu
> admin_server = dc1001.mynat.myco.bcu
> default_domain = mynat.myco.bcu
> }
>
> [domain_realm]
> .mynat.myco.bcu = MYNAT.MYCO.BCU
> mynat.myco.bcu = MYNAT.MYCO.BCU
>
> [login]
> krb4_convert = true
> krb4_get_tickets = false
>
>
> cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 10.80.8.88
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555p4686674.html
> Sent from the Samba - General mailing list archive at Nabble.com.

OK, have a look here:

https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

The smb.conf on that page is known to work, just adapt it to your domain
and once everything is working, add lines from your smb.conf to it (but
check 'man smb.conf' before adding any lines).

Your krb5.conf only needs to be this:

[libdefaults]
    default_realm = MYNAT.MYCO.BCU
    dns_lookup_realm = false
    dns_lookup_kdc = true

Your resolv.conf should be this:

search mynat.myco.bcu
nameserver 10.80.8.88

I presume that 10.80.8.88 is the IP address of your AD DC; if not, it
needs to be, your AD DC must be the DNS server for your AD domain.

The one thing I forgot to ask for is /etc/hosts, if you are only using
IPv4, you really only need '127.0.0.1 localhost' in it if you are
using DHCP, you should also ensure that NetworkManager is not using
dnsmasq (you can turn this off in /etc/NetworkManager/NetworkManager.conf).

Rowland
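
The checks this reply asks for can be scripted before attempting the join. The following is an added example, not part of the original message or of Samba: the function names, argument order and sample files are hypothetical, and it assumes a single AD DC acting as the only DNS server, as in the thread.

```shell
#!/bin/sh
# Added example: pre-join checks for the settings named in the reply above.

# Print the value of KEY from the [libdefaults] section of a krb5.conf.
krb5_libdefault() {  # usage: krb5_libdefault FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        !insec || /^[ \t]*[#;]/ { next }
        { n = index($0, "="); if (!n) next
          k = substr($0, 1, n - 1); v = substr($0, n + 1)
          gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { print v; exit } }' "$1"
}

# Print one FAIL line per deviation; the return status is the number found.
check_member_prereqs() {  # usage: ... KRB5 RESOLV NMCONF REALM DC_IP
    krb5=$1 resolv=$2 nmconf=$3 realm=$4 dc_ip=$5 bad=0
    dom=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    [ "$(krb5_libdefault "$krb5" default_realm)" = "$realm" ] ||
        fail "krb5.conf: default_realm is not $realm"
    [ "$(krb5_libdefault "$krb5" dns_lookup_kdc)" = "true" ] ||
        fail "krb5.conf: dns_lookup_kdc is not true"
    # Assumption: a single DC, as in the thread, so the first nameserver is it.
    [ "$(awk '$1 == "nameserver" { print $2; exit }' "$resolv")" = "$dc_ip" ] ||
        fail "resolv.conf: first nameserver is not the AD DC ($dc_ip)"
    awk -v d="$dom" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) f = 1 }
        END { exit !f }' "$resolv" || fail "resolv.conf: no 'search $dom' line"
    # NetworkManager hands DNS to a local dnsmasq when dns=dnsmasq is set.
    if [ -f "$nmconf" ] && grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq' "$nmconf"
    then fail "NetworkManager.conf: dns=dnsmasq is enabled"; fi
    return "$bad"
}

# Constructed sample: a resolv.conf with no search line (as posted in the
# thread) and a NetworkManager.conf with dns=dnsmasq set.
demo() {
    t=$(mktemp -d) || return 1
    printf '[libdefaults]\ndefault_realm = MYNAT.MYCO.BCU\ndns_lookup_kdc = true\n' >"$t/krb5.conf"
    printf 'nameserver 10.80.8.88\n' >"$t/resolv.conf"
    printf '[main]\nplugins=ifupdown,keyfile\ndns=dnsmasq\n' >"$t/nm.conf"
    check_member_prereqs "$t/krb5.conf" "$t/resolv.conf" "$t/nm.conf" MYNAT.MYCO.BCU 10.80.8.88
    n=$?; rm -rf "$t"; return "$n"
}
demo || echo "$? problem(s) found"
```

On a real member server the arguments would be /etc/krb5.conf, /etc/resolv.conf and /etc/NetworkManager/NetworkManager.conf, followed by the realm and the DC's address.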