[Samba] I have issue in configuring file servers with AD integration.
venkat ramu
ramut123 at gmail.com
Tue Jan 8 10:31:31 UTC 2019
Thanks Rowland, I will try with your option and will let you know.
Thanks,
Venkat
On Tue, Jan 8, 2019 at 3:13 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 8 Jan 2019 09:38:54 +0530
> venkat ramu <ramut123 at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > Please find the attached requested details. also Could you please
> > share right document for the SAMBA configuration with AD
> > authentication for file server. Thank you the help.
> >
> > Thanks,
> > Venkat
>
> OK, you have a choice here, you can either do what I do, which is make
> the network settings work for me (this involves removing netplan) or
> try and work with the OS, for the latter, see here (at the bottom):
>
>
> https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
>
> I am sure that Louis will correct any differences between a DC setup
> and a Unix domain member ;-)
>
> If you follow how I do it, remove netplan and then make /etc/hosts look
> like this:
>
> 127.0.0.1 localhost
> <UBUNTU-BASE IP> ubuntu-base.testlab.com ubuntu-base
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> make /etc/resolv.conf look like this:
>
> search testlab.com
> nameserver 192.168.0.81
>
> /etc/krb5.conf only needs to contain this:
>
> [libdefaults]
> default_realm = TESTLAB.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> I would suggest you make your smb.conf look like this:
>
> [global]
> workgroup = TESTLAB
> security = ADS
> realm = TESTLAB.COM
> server string = %h server (Samba, Ubuntu)
>
> winbind use default domain = yes
> winbind expand groups = 2
>
> ## map ids outside of domain to tdb files.
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> ## map ids from the domain the ranges may not overlap !
> idmap config TESTLAB : backend = rid
> idmap config TESTLAB : range = 10000-20000
>
> template shell = /bin/bash
> domain master = no
> local master = no
> preferred master = no
> os level = 20
>
> # user Administrator workaround, without it you are unable to set
> privileges
> username map = /etc/samba/user.map
>
> # For ACL support on domain member
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> max log size = 1000
> log file = /var/log/samba/log.%m
> syslog = 0
> log level = 3 passdb:5 auth:5
> panic action = /usr/share/samba/panic-action %d
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> create mask = 0700
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
>
> It assumes you haven't added anything to AD and will use the winbind
> 'rid' backend.
>
> You will also have to create /etc/samba/user.map with this content:
>
> !root = TESTLAB\Administrator
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list