[Samba] I have issue in configuring file servers with AD integration.

venkat ramu ramut123 at gmail.com
Tue Jan 8 10:31:31 UTC 2019


Thanks Rowland, I will try with your option and will let you know.

Thanks,
Venkat

On Tue, Jan 8, 2019 at 3:13 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 8 Jan 2019 09:38:54 +0530
> venkat ramu <ramut123 at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > Please find the attached requested details. also Could you please
> > share right document for the SAMBA configuration with AD
> > authentication for file server. Thank you the help.
> >
> > Thanks,
> > Venkat
>
> OK, you have a choice here, you can either do what I do, which is make
> the network settings work for me (this involves removing netplan) or
> try and work with the OS, for the latter, see here (at the bottom):
>
>
> https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
>
> I am sure that Louis will correct any differences between a DC setup
> and a Unix domain member ;-)
>
> If you follow how I do it, remove netplan and then make /etc/hosts look
> like this:
>
> 127.0.0.1       localhost
> <UBUNTU-BASE IP>       ubuntu-base.testlab.com ubuntu-base
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> make /etc/resolv.conf look like this:
>
> search testlab.com
> nameserver 192.168.0.81
>
> /etc/krb5.conf only needs to contain this:
>
> [libdefaults]
> default_realm = TESTLAB.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> I would suggest you make your smb.conf look like this:
>
> [global]
>         workgroup = TESTLAB
>         security = ADS
>         realm = TESTLAB.COM
>         server string = %h server (Samba, Ubuntu)
>
>         winbind use default domain = yes
>         winbind expand groups = 2
>
>         ## map ids outside of domain to tdb files.
>         idmap config * : backend = tdb
>         idmap config * : range = 2000-9999
>         ## map ids from the domain  the ranges may not overlap !
>         idmap config TESTLAB : backend = rid
>         idmap config TESTLAB : range = 10000-20000
>
>         template shell = /bin/bash
>         domain master = no
>         local master = no
>         preferred master = no
>         os level = 20
>
>         # user Administrator workaround, without it you are unable to set
> privileges
>         username map = /etc/samba/user.map
>
>         # For ACL support on domain member
>         vfs objects = acl_xattr
>         map acl inherit = Yes
>         store dos attributes = Yes
>
>         max log size = 1000
>         log file = /var/log/samba/log.%m
>         syslog = 0
>         log level = 3 passdb:5 auth:5
>         panic action = /usr/share/samba/panic-action %d
>
> [printers]
>    comment = All Printers
>    browseable = no
>    path = /var/spool/samba
>    printable = yes
>    create mask = 0700
>
> [print$]
>    comment = Printer Drivers
>    path = /var/lib/samba/printers
>
> It assumes you haven't added anything to AD and will use the winbind
> 'rid' backend.
>
> You will also have to create /etc/samba/user.map with this content:
>
> !root = TESTLAB\Administrator
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list