[Samba] Configuring Samba as a file server to use AD authentication
Kyle Manel
Kyle.Manel at inbaytech.com
Thu Aug 25 15:29:46 UTC 2016
Thanks for the information,
I am unclear how to implement the winbind 'rid' backend. I've identified that winbindd is not operating on my demo server (fresh installation of Ubuntu 16), and am looking for some assistance if possible.
1] 'apt-get install winbind' informs me that the package is already installed (v4.3.9), yet it is not operating;
2] Lsof -Pnl +M -i4 provides:
root at smb-srv:/home/inbay# lsof -Pnl +M -i4
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 2976 0 6u IPv4 20143 0t0 UDP *:68
lwsmd 3217 0 17u IPv4 59606 0t0 TCP 10.10.40.164:35156->10.10.20.93:445 (ESTABLISHED)
lwsmd 3231 0 24u IPv4 64193 0t0 TCP 10.10.40.164:40020->10.10.20.92:3268 (ESTABLISHED)
lwsmd 3231 0 26u IPv4 64244 0t0 TCP 10.10.40.164:46136->10.10.20.93:389 (ESTABLISHED)
lwsmd 3231 0 32u IPv4 64190 0t0 TCP 10.10.40.164:46130->10.10.20.93:389 (ESTABLISHED)
sshd 9140 0 3u IPv4 37379 0t0 TCP *:22 (LISTEN)
nmbd 28134 0 16u IPv4 62715 0t0 UDP *:137
nmbd 28134 0 17u IPv4 62716 0t0 UDP *:138
nmbd 28134 0 18u IPv4 62718 0t0 UDP 10.10.40.164:137
nmbd 28134 0 19u IPv4 62719 0t0 UDP 10.10.40.255:137
nmbd 28134 0 20u IPv4 62720 0t0 UDP 10.10.40.164:138
nmbd 28134 0 21u IPv4 62721 0t0 UDP 10.10.40.255:138
smbd 28247 0 37u IPv4 63448 0t0 TCP *:445 (LISTEN)
smbd 28247 0 38u IPv4 63449 0t0 TCP *:139 (LISTEN)
sshd 28317 0 3u IPv4 63824 0t0 TCP 10.10.40.164:22->10.10.40.178:65205 (ESTABLISHED)
sshd 28397 1000 3u IPv4 63824 0t0 TCP 10.10.40.164:22->10.10.40.178:65205 (ESTABLISHED)
3] To start winbindd I visited this site https://ubuntuforums.org/showthread.php?t=1865647 which informed to run 'net ads join -U administrator' with my own id, which returns:
'Joined 'SMB-SRV-001' to dns domain 'domain' No DNS domain configured for SMB-SRV. Unable to perform DNS update. DNS update failed: NT_STATUS_INVALID_PARAMETER'
Upon review of the [3] winbindd is still not implemented, and I would like to know how to get it running, as from my understanding it is part of the samba package, and I will require it.
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Wednesday, August 24, 2016 2:54 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Configuring Samba as a file server to use AD authentication
On Tue, 23 Aug 2016 21:58:43 +0000
Kyle Manel via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I am attempting to install Samba as a file server within an Active
> Directory domain to use the AD server for group authentication. I have
> worked through various guides, but all leave me unable to authenticate
> into the samba shares using my organizations existing user groups in
> Active Directory. I need the following configuration:
>
> Share - users : description
> Admin - Admin : This share is exclusive to its user group Media -
> media users : This share is exclusive to its user group and the Admin
> group Junk - all users : This share is accessible to everyone
>
> There are 3 different user groups that will be using this server,
> Admin, Media and Everyone.
>
> I have a Microsoft Active Directory Server (2012R2) operating as my AD
> server, and an Ubuntu server operating for Samba.
>
> I would like:
> users to be authenticated each access to the share, the process of
> adding/removing users to be done by the AD server.
Because you are using 2012R2 it will be a little harder, but it should be do-able. See here:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
Because of 2012R2 (no IDMU), you will need to use the winbind 'rid'
backend.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list