[Samba] How to join join Ubuntu desktop to AD

Rowland Penny rpenny at samba.org
Thu Dec 8 19:10:51 UTC 2016 

On Thu, 8 Dec 2016 13:54:17 -0500
lingpanda101 via samba <samba at lists.samba.org> wrote:

> On 12/8/2016 1:14 PM, Rowland Penny via samba wrote:
> > On Thu, 8 Dec 2016 13:03:49 -0500
> > lingpanda101 via samba <samba at lists.samba.org> wrote:
> >
> >> On 12/8/2016 12:52 PM, Rowland Penny via samba wrote:
> >>> On Thu, 8 Dec 2016 12:27:20 -0500
> >>> lingpanda101 via samba <samba at lists.samba.org> wrote:
> >>>
> >>>> I think I have a issue with ldconfig not finding winbind. I
> >>>> create the sym links and verified they exist. What am I missing?
> >>>> Thanks.
> >>>>
> >>>> ldconfig -v | grep "libnss_"
> >>>> /sbin/ldconfig.real: Path `/lib/x86_64-linux-gnu' given more than
> >>>> once /sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given
> >>>> more than
> >>>> once /sbin/ldconfig.real: /lib/x86_64-linux-gnu/ld-2.23.so is the
> >>>> dynamic linker, ignoring
> >>>>
> >>>>        libnss_mdns4_minimal.so.2 -> libnss_mdns4_minimal.so.2
> >>>>        libnss_files.so.2 -> libnss_files-2.23.so
> >>>>        libnss_nis.so.2 -> libnss_nis-2.23.so
> >>>>        libnss_mdns.so.2 -> libnss_mdns.so.2
> >>>>        libnss_dns.so.2 -> libnss_dns-2.23.so
> >>>>        libnss_nisplus.so.2 -> libnss_nisplus-2.23.so
> >>>>        libnss_mdns6_minimal.so.2 -> libnss_mdns6_minimal.so.2
> >>>>        libnss_compat.so.2 -> libnss_compat-2.23.so
> >>>>        libnss_mdns_minimal.so.2 -> libnss_mdns_minimal.so.2
> >>>>        libnss_hesiod.so.2 -> libnss_hesiod-2.23.so
> >>>>        libnss_mdns6.so.2 -> libnss_mdns6.so.2
> >>>>        libnss_mdns4.so.2 -> libnss_mdns4.so.2
> >>>>
> >>> What version of Samba are you using ? I got the impression you
> >>> were using the distro's packages, in which case you do not create
> >>> the symlinks, you just install the packages I referred to earlier.
> >>>
> >>> Rowland
> >>>
> >> I compiled using 4.5.1.
> >>
> > OK, you need to have these symlinks:
> >
> > ln
> > -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so.2
> > ln
> > -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so
> >
> > ln
> > -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so.2
> > ln
> > -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
> >
> > ln
> > -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/pam_winbind.so
> >
> > Then run 'ldconfig'
> >
> > You will also have to create a file: /usr/share/pam-configs/winbind
> >
> > Name: Winbind NT/Active Directory authentication
> > Default: yes
> > Priority: 192
> > Auth-Type: Primary
> > Auth:
> > 	[success=end default=ignore]	pam_winbind.so
> > krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
> > Auth-Initial: [success=end default=ignore]	pam_winbind.so
> > krb5_auth krb5_ccache_type=FILE cached_login Account-Type: Primary
> > Account:
> > 	[success=end new_authtok_reqd=done default=ignore]
> > pam_winbind.so Password-Type: Primary
> > Password:
> > 	[success=end default=ignore]	pam_winbind.so
> > use_authtok try_first_pass Password-Initial:
> > 	[success=end default=ignore]	pam_winbind.so
> > Session-Type: Additional
> > Session:
> > 	optional			pam_winbind.so
> >
> > Rowland
> >
> 
> I will perform the additional steps. I should point out I do not see 
> anything related to configuring Kerberos in the wiki. I have kept the 
> default configuration. Thanks.
> 

Now I look at the domain member page, nor do I, but you only need the
same krb5.conf as on the DC:

[libdefaults]
	default_realm = SAMDOM.EXAMPLE.COM
	dns_lookup_realm = false
	dns_lookup_kdc = true

Rowland

More information about the samba mailing list