[Samba] unable to join a SAMBA linux box to MSWindows 2012 AD
tsmafts
tsmafts at afts.com
Thu Jun 4 12:23:39 MDT 2015
On 2015-06-02 11:00, samba-request at lists.samba.org wrote:
> From: Rowland Penny <rowlandpenny at googlemail.com>
> Date: Tue, 02 Jun 2015 10:22:47 +0100
> Subject: Re: [Samba] unable to join a SAMBA linux box to MSWindows 2012 AD
>
> On 01/06/15 00:53, tsmafts wrote:
>
>> Linux debian1 3.2.0-4-686-pae #1 SMP Debian 3.2.68-1+deb7u1 i686 GNU/Linux. It is serving as a file server for a few Windows PCs in a satellite office. I am trying to join the machine to an AD domain in our main office.
>
> It looks like you are using Debian wheezy with the standard 3.6.x
> version of samba and if you look through what you posted there is this:
>
> Invalid configuration. Exiting....
>
> Pretty explicit why it doesn't work, have a look here:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server [1]
>
> There is a known working smb.conf on that page, adapt it to your realm,
> workgroup etc and try again, once you have got samba working again, you
> could then start adding some of the lines that you have in your
> original, but be very selective, quite a lot of what you have isn't
> needed any more. I would suggest you read 'man smb.conf'.
>
> You can upgrade to a later samba version by using the backports repo or
> by using the samba packages from sernet, though this would involve
> registering with sernet (this is free).
>
> Rowland
Thank you, I had created the smb.conf with the gnome app and then (after
uninstalling that app) with SWAT.
Took the sample you pointed to and now the global section is:
[global]
log file = /var/log/samba/%U.%m.log
read raw = no
write raw = no
realm = fask.COM
netbios name = CCSOO
server string = %h server
workgroup = fask
os level = 25
debug level = 1
security = ADS
preferred master = no
winbind separator = #
max log size = 99
log level = 3
idmap config fask:range = 10000-99999
idmap config fask:backend = ad
idmap config *:range = 2000-9999
idmap config fask:schema_mode = rfc2307
idmap config *:backend = tdb
preserve case = yes
store dos attributes = Yes
short preserve case = yes
____________________
But I think I have a misunderstanding about winbind.
I thought the purpose of winbind was to include AD users as if they
were SAMBAusers, but I still had to add SAMBAusers manually in order to
get login to work.
some info which might help:
> root at debian1:/var/log/samba# wbinfo -u
> CCSOO#smbguest
> CCSOO#root
> CCSOO#virt_wind_1
> FASK#administrator
> FASK#guest
> FASK#krbtgt
> FASK#ccstac
> FASK#station
> FASK#outin
> FASK#ccsts
> FASK#mtotin
> FASK#opermeter
> FASK#t1
> FASK#peters
> FASK#delegate
but
> root at debian1:/var/log/samba# wbinfo -i "FASK#peters"
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user FASK#peters
Really would like to be able to seamlessly allow AD users to log in to a
couple of SAMBA accounts without having to add SAMBAusers.
Links:
------
[1] https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server