[Samba] Doubts about Samba 4 Clients

Christophe Borivant cborivant at devinlec.com
Thu Jan 7 09:45:31 UTC 2016 

Hello,

If you use DHCP, and configure it to give a fixed address to each host, then the hostname can be configured on the dhcp server.

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Rowland penny" <rpenny at samba.org>
À: "samba" <samba at lists.samba.org>
Envoyé: Mercredi 6 Janvier 2016 21:13:32
Objet: Re: [Samba] Doubts about Samba 4 Clients

On 06/01/16 19:34, Marcio Demetrio Bacci wrote:
> Hi,
>
> I have set up an Ubuntu 14.04-64 bits workstation to join a samba 4 domain
> and is apparently running perfectly. However I need to put 300 stations in
> the domain, so I thought I'd create a iSO to facilitate the work.
>
> Thus I would like resolving some doubts before generating the ISO image:
>
> 1) Must be put the client's netbios name in smb.conf or is optional, as
> below?
>
> /etc/samba/smb.conf
>
> [global]
>
>    *netbios name = client1 *

netbios name is not required, it will be set (in the background) for you

>
>    workgroup = EMPRESA
>
>    security = ads
>
>    realm = EMPRESA.COM
>
>    encrypt passwords = yes

You don't need 'encrypt passwords' , this is the default

>
>    dedicated keytab file = /etc/krb5.keytab
>
>    kerberos method = secrets and keytab
>
>    preferred master = no
>
>    idmap config *:backend = tdb
>
>    idmap config *:range = 2000-9999
>
>    idmap config EMPRESA:backend = ad
>
>    idmap config EMPRESA:schema_mode = rfc2307
>
>    idmap config EMPRESA:range = 10000-999999
>
>     winbind nss info = rfc2307
>
>    winbind trusted domains only = no
>
>    winbind use default domain = yes
>
>    winbind enum users = yes
>
>    winbind enum groups = yes
>
>    winbind refresh tickets = yes
>
>    vfs objects = acl_xattr
>
>    map acl inherit = Yes
>
>    store dos attributes = Yes
>
>    username map = /etc/samba/user.map
>
>
> 2) Must be put the hosts file only the localhost or also put the station
> name, as follows?
>
> /etc/hosts
>
> 127.0.0.1             localhost
>
> *127.0.1.1             client1.empresa.com <http://client1.empresa.com>
> client1*

If you are using dhcp, you do not need the '127.0.1.1.' line, if you are 
using Network Manager with dnsmasq, stop Network Manager using dnsmasq. 
If it is a fixed ip machine, replace '127.0.1.1' with the ip.

>
>
> 3) Can I put winbind to the passwd and group in nsswitch.conf file
> BEFORE joining
> the domain?
>
> /etc/nsswitch.conf
>
> passwd:compat *winbind*
>
> group:compat* winbind*

Yes, it won't have any affect, if the machine is not joined to the domain.

> shadow:compat
>
> hosts:files mdns4_minimal [NOTFOUND=return] dns
>
> networks:files
>
> protocols: db files
>
> services:db files
>
> ethers:db files
>
> rpc:db files
>
> netgroup:nis
>
>
> 4) To generate the iSO can set everything except the entrance of the station in
> the domain and later only to run *net ads join* command in each computer?

The only problem I can see is the hostname, but you can probably work 
around this.

> 5) You must install the ntp package?
>

Very recommended, your clients and DCs must be using the same time, set 
up ntp on the DCs and then on the clients, but use the DCs as the time 
servers.

> 6) Can anybody suggest another way for join all (300) the workstations in
> the samba 4 domain?
>

You could pre-create the workstations in AD, then write a script to join 
the domain after the installation.
This is Unix, so there are probably lots of ways of doing this :-)

Rowland


>
> Thanks,
>
> Márcio


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list