[Samba] How to join join Ubuntu desktop to AD
lingpanda101 at gmail.com
Tue Dec 6 19:52:20 UTC 2016
On 12/6/2016 1:49 PM, Rowland Penny via samba wrote:
> On Tue, 6 Dec 2016 19:38:49 +0100
> Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
>> Am 06.12.2016 um 19:15 schrieb lingpanda101 via samba:
>>> Does the wiki contain documentation on how to join a Linux
>>> workstation to Samba? I can't seem to find it. I do see this
>>> but this appears to use SSH to login. I'm looking to login locally.
>> This is the documentation you're looking for.
>> SSH is just an example in the documentation how to use pam_winbind.
>> Have a look at your PAM configuration files and the PAM documentation
>> to see which file you have to add pam_winbind to for local logins.
> libpam-winbind, libpam-krb5 and libnss-winbind on Debian, presumably
> the same on Ubuntu.
OK thanks. I'm a bit stuck at the part where I configure my smb.conf.
I'm going with the winbind ad backend.
security = ADS
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCAL (Yes I know about .local)
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 2000-9999 (This is the range for local
users on the workstation?)
winbind nss info = rfc2307
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:range = 10000-999999 (This is the default
range samba uses correct?)
If I # cat /etc/adduser.conf I see
Is this the range I should use for 'idmap config * : range = 2000-9999'?
I'm using rfc2307 on my DC's and my UID's start at 10000 when assigning
using Microsoft's ADUC tool. I should be good with using 'idmap config
MYDOMAIN:range = 10000-999999'?
Choosing the exact range to use is what I'm finding confusing. Thanks.
More information about the samba