[Samba] SAMBA using existing users and passwords on Linux
rpenny at samba.org
Fri Jun 19 14:42:59 UTC 2020
On 19/06/2020 15:06, Fernando Gonçalves wrote:
> I will pass all the commands I used for installation and inclusion of
> the linux server server in AD.
> Installation of KERBEROS 5 packages:
> #yum install krb5-server krb5-libs krb5-workstation
Why install krb5-server ? this is not required on a Unix domain member.
> I added the following lines to the /etc/krb5.conf file
> default_realm = SAMDOM.EXAMPLE.COM <http://SAMDOM.EXAMPLE.COM>
> dns_lookup_realm = false
> dns_lookup_kdc = false
Change the last line to true
> I installed realmd
> # yum install realmd
Why, what is wrong with 'net ads join' ?
Nothing really wrong, apart from, you do not seem to understand that any
users in /etc/passwd are unknown to AD.
You can have the same username in /etc/passwd and AD, but they will be
different users. The only Samba supported way of making users known to
both AD and the local Linux OS, is for the users to be in AD and use
Samba to make them Unix users as well. You are half way there, you have
idmap config TJSC : range = 2000000-2999999
idmap config TJSC : backend = rid
This will take any AD users (and groups), extract the RID and then
calculate the Unix ID using the lower range, so from what you have
posted, I am very sure that 'getent group Domain\ Users' will return the
So to cut to a shorter version, create your users in AD and delete them
Your way is not supported.
More information about the samba