[Samba] using samba-tool from a domain member other than the DC

Jason Keltz jas at eecs.yorku.ca
Thu Jul 23 18:31:21 UTC 2020


Hi Rowland,

I'm running smbd on the DC. I want to be able to do things like adding
a user, dns entry, etc. from my workstation without logging into the DC.

I can't get samba-tool to work with Kerberos, or ldaps, etc.

Jason.

On 7/23/2020 2:21 PM, Rowland penny via samba wrote:
> On 23/07/2020 18:42, Jason Keltz via samba wrote:
>> Hi.
>>
>> I left off from my original question...
>>
>> I've joined the domain using "realm join", and am not using winbind.
>>
>> I'm looking for the minimal configuration I need to have in smb.conf 
>> to be able to run samba-tool from a domain member.
>>
>> My /etc/krb5.conf contains:
>>
>> [libdefaults]
>> default_realm = <my realm>
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> My /etc/smb.conf contains minimal:
>>
>> [global]
>> workgroup=<my workgroup>
>> security=ADS
>> realm=<my realm>
>>
>> Have I missed providing some detail?
>>
>> Do I need to be running smbd to be able to use samba-tool from a 
>> domain member?
>>
>> Is nobody else using samba-tool from outside their DC that might be 
>> able to suggest why this doesn't work?
>>
>> Thanks,
>>
>> Jason.
>
> Not sure, I have never tried it. From the sound of it, you are not 
> running any of the Samba daemons, so why do you need samba-tool?
>
> Using samba-tool from a Samba domain member does work, it is just 
> ldaps that doesn't seem to work for myself, probably because of an 
> incorrect incantation ;-)
>
> Rowland
-- 
Jason Keltz
Manager of Development
Department of Electrical Engineering & Computer Science
York University, Toronto, Canada
Tel: 416-736-2100 x. 33570
Fax: 416-736-5872