[Samba] How to join join Ubuntu desktop to AD

Rowland Penny rpenny at samba.org
Wed Dec 14 17:15:02 UTC 2016 

On Wed, 14 Dec 2016 11:37:10 -0500
lingpanda101 via samba <samba at lists.samba.org> wrote:



> 
> Success!
> 
> I'll post a few observations during this adventure.
> 
> Incorrect case on this page 
> https://wiki.samba.org/index.php/Libnss_winbind_Links for smbd -B. 
> Should be lowercase b.
> 
> smbd -b | grep LIBDIR
>     LIBDIR: /usr/local/samba/lib/

Changed.

> 
> I could not retrieve users or groups unless I added
> 
> 'winbind use default domain = yes'
> 
> in my smb.conf file.  It's not listed in the wiki on this page 
> https://wiki.samba.org/index.php/Idmap_config_ad as being optional or 
> required. Did I do something wrong or should this be added to the
> wiki? Without it I would need to explicitly define it when using
> 
> id user1 at DOMAIN.LOCAL

What 'winbind use default domain' does is to make it so you do not need
the domain name in any call to getent etc. Without it, you would need
to run something like 'getent passwd SAMDOM\\rowland'. I will check
the wiki and if needs adding, I will do so.

> 
> I was unable to ping my DC when using it's FQDN. The fix was to
> disable Avahi in my nsswitch.conf file. This was due to using .local
> for my domain.
> 
> #hosts:          files mdns4_minimal [NOTFOUND=return] dns
> 
> hosts: files dns
> 
> Should this be added to the troubleshooting section of the wiki?

The wiki does tell you not to use .local, perhaps it needs to said more
forcefully ?

> 
> These three links also needed to be created. Not in the wiki that I
> seen.
> 
> ln
> -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so
> ln
> -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so.2
> ln
> -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/pam_winbind.so
> 

It did have them at one time, unfortunately an error crept in, but I
think it will be fixed very shortly.

> I installed libpam-winbind that created this file
> 
> '/usr/share/pam-configs/winbind'
> 
> I didn't need to manually create as suggested. However doing so
> created the following file
> 
> '/lib/x86_64-linux-gnu/security/pam_winbind.so'
> 
> I had to rename and create the link you suggested.
> 
> ln
> -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/pam_winbind.so
> 

The contents of libpam-winbind boils down to two files, the file I
posted and the .so file. The only problem with the way you did it, if
'libpam-winbind' gets updated, your .so link will get replaced and
this will probably lead to problems. I would suggest you remove the
package.
 

> Hopeful this helps others who attempt to join to Ubuntu. Now I will 
> attempt to login from the GUI.

This should work, well it works for me ;-)

Rowland

More information about the samba mailing list