[Samba] I have issue in configuring file servers with AD integration.
Rowland Penny
rpenny at samba.org
Tue Jan 8 09:42:58 UTC 2019
On Tue, 8 Jan 2019 09:38:54 +0530
venkat ramu <ramut123 at gmail.com> wrote:
> Hi Rowland,
>
> Please find the attached requested details. Also, could you please
> share the right document for the SAMBA configuration with AD
> authentication for a file server? Thank you for the help.
>
> Thanks,
> Venkat

OK, you have a choice here, you can either do what I do, which is make
the network settings work for me (this involves removing netplan) or
try and work with the OS, for the latter, see here (at the bottom):

https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt

I am sure that Louis will correct any differences between a DC setup
and a Unix domain member ;-)

If you follow how I do it, remove netplan and then make /etc/hosts look
like this:

    127.0.0.1 localhost
    <UBUNTU-BASE IP> ubuntu-base.testlab.com ubuntu-base

    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

make /etc/resolv.conf look like this:

    search testlab.com
    nameserver 192.168.0.81

/etc/krb5.conf only needs to contain this:

    [libdefaults]
        default_realm = TESTLAB.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

I would suggest you make your smb.conf look like this:

    [global]
        workgroup = TESTLAB
        security = ADS
        realm = TESTLAB.COM

        server string = %h server (Samba, Ubuntu)

        winbind use default domain = yes
        winbind expand groups = 2

        ## map ids outside of domain to tdb files.
        idmap config * : backend = tdb
        idmap config * : range = 2000-9999

        ## map ids from the domain the ranges may not overlap !
        idmap config TESTLAB : backend = rid
        idmap config TESTLAB : range = 10000-20000

        template shell = /bin/bash

        domain master = no
        local master = no
        preferred master = no
        os level = 20

        # user Administrator workaround, without it you are unable to set privileges
        username map = /etc/samba/user.map

        # For ACL support on domain member
        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

        max log size = 1000
        log file = /var/log/samba/log.%m
        syslog = 0
        log level = 3 passdb:5 auth:5
        panic action = /usr/share/samba/panic-action %d

    [printers]
        comment = All Printers
        browseable = no
        path = /var/spool/samba
        printable = yes
        create mask = 0700

    [print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

It assumes you haven't added anything to AD and will use the winbind
'rid' backend.

You will also have to create /etc/samba/user.map with this content:

    !root = TESTLAB\Administrator

Rowland
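
The smb.conf comment in the message says the idmap ranges may not overlap; on a file server an overlap can hand two different identities the same Unix ID. The following Python check is an added example, not part of the original message or of Samba's tooling: it reads the `idmap config` lines from `[global]` and reports a missing default domain, missing or inverted ranges, and overlaps. The names `parse_idmap` and `check_idmap` are hypothetical, and the sample input is constructed from the configuration in the message.

```python
import re

# Constructed sample: the idmap lines of [global] from the smb.conf in the message.
SAMPLE_SMB_CONF = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    idmap config TESTLAB : backend = rid
    idmap config TESTLAB : range = 10000-20000
"""

IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+)", re.I)

def parse_idmap(text):
    """Return {domain: {'backend': str, 'range': (low, high)}} from [global]."""
    domains, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        m = IDMAP_RE.fullmatch(line)
        if section != "global" or not m:
            continue  # comments, blanks, other parameters, other sections
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3).strip()
        if key == "range":
            val = tuple(int(x) for x in val.split("-", 1))
        domains.setdefault(dom, {})[key] = val
    return domains

def check_idmap(text):
    """Return a list of problems; an empty list means the ranges are sane."""
    domains, problems, ranged = parse_idmap(text), [], []
    if "*" not in domains:
        problems.append("no default 'idmap config *' domain")
    for dom, cfg in sorted(domains.items()):
        low, high = cfg.get("range", (None, None))
        if low is None:
            problems.append(f"{dom}: no range set")
        elif low > high:
            problems.append(f"{dom}: range low > high")
        else:
            ranged.append(((low, high), dom))
    ranged.sort()  # adjacent pairs suffice once sorted by lower bound
    for (r1, d1), (r2, d2) in zip(ranged, ranged[1:]):
        if r2[0] <= r1[1]:
            problems.append(f"{d1} {r1[0]}-{r1[1]} overlaps {d2} {r2[0]}-{r2[1]}")
    return problems

if __name__ == "__main__":
    print(check_idmap(SAMPLE_SMB_CONF) or "idmap ranges OK")
```
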