[Samba] ads: tickets and joins
Rowland penny
rpenny at samba.org
Tue Apr 26 18:41:11 UTC 2016
On 26/04/16 19:14, Chris Stankevitz wrote:
> On Tue, Apr 26, 2016 at 10:33 AM, Rowland penny <rpenny at samba.org> wrote:
>> Can I suggest you browse the Samba wiki:
>> https://wiki.samba.org/index.php/Main_Page
> I will... thank you.
>
>> I would suggest you stop using the username map for this, if a user exists in
>> AD and the user logs into a Unix machine that is joined to the domain, then
>> the user *shouldn't* exist in /etc/passwd
> I'm not sure how that would work, but I'll read the wiki. For
> example, under which user will the smb client processes run? Perhaps
> you are suggesting that I use winbind instead of 'username map'.
Most definitely, you should be running winbind.
>
>>> 12. Does the use case above require someone to run kinit on the samba
>>> server before the client attempts a connection?
>>
>> No, a user doesn't have to 'kinit' before connecting.
> Thank you. My understanding is that for my use case I never have to
> issue "kinit" - not even for net ads join. The process is:
>
> 1. buy computer
If you don't have one :-)
>
> 2. Install linux/samba
Very good idea.
>
> 3. configure smb.conf (security=ads, )
See Samba wiki for this.
>
> 4. Start smbd
Not yet.
>
> 5. net ads join -U UserWithSeMachineAccountPrivilege@DOMAIN.TLD
You could always use 'net ads join -U Administrator'
>
> 6. users connect to samba and use the shares with their AD usernames/passwords
Not yet
>
> 7. reboot computer from time to time (kernel updates, etc)
Not yet
>
> 8. start smbd
Yes and nmbd and winbind
> 9. goto 6
now 6 & 7
Rowland
>
> Thank you again,
>
> Chris