[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain

Rowland Penny rowlandpenny at googlemail.com
Wed Jun 3 15:46:03 MDT 2015


On 03/06/15 22:04, ivenhov wrote:
> Thanks Rowland.
> I understand smb.conf is bit messy and can affect performance but it should
> not prevent me from joining domain.
>
> Here you go:
>
> [global]
>          workgroup = MYNAT
>          realm = MYNAT.MYCO.BCU
>          server string = My server %h
>          security = ADS
>          password server = dc1001.mynat.myco.bcu
>          map to guest = Bad User
>          obey pam restrictions = Yes
>          pam password change = Yes
>          passwd program = /usr/bin/passwd %u
>          passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>          unix password sync = Yes
>          syslog = 0
>          log file = /var/log/samba/log.%m
>          max log size = 1000
>          server max protocol = SMB2
>          min receivefile size = 13638
>          max xmit = 131072
>          load printers = no
>          printcap name = /dev/null
>          disable spoolss = yes
>          dns proxy = No
>          usershare allow guests = Yes
>          panic action = /usr/share/samba/panic-action %d
>          template homedir = /dev/null
>          template shell = /bin/true
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind use default domain = yes
>          idmap config * : range = 100000-200000
>          idmap config * : backend = tdb
>          aio read size = 1
>          aio write size = 1
>          aio write behind = true
>          use sendfile = yes
>          write cache size = 12826144
>          printing = bsd
>          print command = lpr -r -P'%p' %s
>          lpq command = lpq -P'%p'
>          lprm command = lprm -P'%p' %j
>          #winbind max domain connections = 5
>          max protocol = SMB2
>          large readwrite = yes
>          winbind offline logon = false
>          #winbind max clients = 1000
>
> [printers]
>          comment = All Printers
>          path = /var/spool/samba
>          create mask = 0700
>          printable = Yes
>          print ok = Yes
>          browseable = No
>
> [print$]
>          comment = Printer Drivers
>          path = /var/lib/samba/printers
>
>
>
>
> Kerberos
> cat /etc/krb5.conf
> [libdefaults]
>          dns_lookup_realm = false
>          dns_lookup_kdc = true
>          default_realm = MYNAT.MYCO.BCU
>
> # The following krb5.conf variables are only for MIT Kerberos.
>          krb4_config = /etc/krb.conf
>          krb4_realms = /etc/krb.realms
>          kdc_timesync = 1
>          ccache_type = 4
>          forwardable = true
>          proxiable = true
>
> # The following libdefaults parameters are only for Heimdal Kerberos.
>          v4_instance_resolve = false
>          v4_name_convert = {
>                  host = {
>                          rcmd = host
>                          ftp = ftp
>                  }
>                  plain = {
>                          something = something-else
>                  }
>          }
>          fcc-mit-ticketflags = true
>
> [realms]
>          MYNAT.MYCO.BCU = {
>                  kdc = dc1001.mynat.myco.bcu
>                  admin_server = dc1001.mynat.myco.bcu
>                  default_domain = mynat.myco.bcu
>          }
>
> [domain_realm]
>          .mynat.myco.bcu = MYNAT.MYCO.BCU
>          mynat.myco.bcu = MYNAT.MYCO.BCU
>
> [login]
>          krb4_convert = true
>          krb4_get_tickets = false
>
>
> cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 10.80.8.88
>


OK, have a look here: 
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

The smb.conf on that page is known to work; just adapt it to your domain
and, once everything is working, add lines from your smb.conf to it (but
check 'man smb.conf' before adding any lines).

Your krb5.conf only needs to be this:

[libdefaults]
         default_realm = MYNAT.MYCO.BCU
         dns_lookup_realm = false
         dns_lookup_kdc = true

Your resolv.conf should be this:

search mynat.myco.bcu
nameserver 10.80.8.88

I presume that 10.80.8.88 is the IP address of your AD DC; if not, it
needs to be. Your AD DC must be the DNS server for your AD domain.

The one thing I forgot to ask for is /etc/hosts, if you are only using
IPv4, you really only need '127.0.0.1    localhost' in it if you are
using DHCP, you should also ensure that NetworkManager is not using
dnsmasq (you can turn this off in /etc/NetworkManager/NetworkManager.conf).

Rowland
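
The checks described in the reply above, as an added shell example that is not part of the original message or of Samba: it verifies resolv.conf, krb5.conf and NetworkManager.conf before a join attempt. The function names and the sample files are constructed; the realm, domain and IP address are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example: pre-join checks for the files discussed in this thread.
# Function names and the sample files below are constructed for illustration.

# resolv.conf: first nameserver must be the AD DC, AD DNS domain must be in "search".
check_resolv() {  # usage: check_resolv FILE DNS_DOMAIN DC_IP
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first_ns" = "$3" ] || { echo "resolv.conf: first nameserver '$first_ns', expected $3"; return 1; }
    awk -v d="$2" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) ok = 1 }
                   END { exit !ok }' "$1" || { echo "resolv.conf: no 'search $2'"; return 1; }
}

# Print the first uncommented "KEY = value" from an ini-style file.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | head -n 1
}

# krb5.conf: default_realm must match and KDC discovery via DNS must be on.
check_krb5() {  # usage: check_krb5 FILE REALM
    realm=$(conf_value "$1" default_realm)
    [ "$realm" = "$2" ] || { echo "krb5.conf: default_realm '$realm', expected $2"; return 1; }
    [ "$(conf_value "$1" dns_lookup_kdc)" = "true" ] || { echo "krb5.conf: dns_lookup_kdc not true"; return 1; }
}

# NetworkManager.conf: an active dns=dnsmasq puts a local forwarder in front of the DC.
check_nm() {  # usage: check_nm FILE
    if grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq' "$1"; then
        echo "NetworkManager.conf: dns=dnsmasq is active"; return 1
    fi
}

# Constructed sample files using the values from this thread.
demo=$(mktemp -d)
printf 'search mynat.myco.bcu\nnameserver 10.80.8.88\n' > "$demo/resolv.conf"
printf '[libdefaults]\n\tdefault_realm = MYNAT.MYCO.BCU\n\tdns_lookup_kdc = true\n' > "$demo/krb5.conf"
printf '[main]\ndns=dnsmasq\n' > "$demo/NetworkManager.conf"
check_resolv "$demo/resolv.conf" mynat.myco.bcu 10.80.8.88 && echo "resolv.conf OK"
check_krb5 "$demo/krb5.conf" MYNAT.MYCO.BCU && echo "krb5.conf OK"
check_nm "$demo/NetworkManager.conf" || echo "-> comment out dns=dnsmasq, restart NetworkManager"
rm -rf "$demo"
```

On a real member server, pass /etc/resolv.conf, /etc/krb5.conf and /etc/NetworkManager/NetworkManager.conf to the three functions instead of the sample files.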

