[Samba] SAMBA using existing users and passwords on Linux

Fernando Gonçalves fernandolmg at gmail.com
Mon Jun 22 13:00:01 UTC 2020


Good morning Rowland.

As you may have noticed, I am no expert in deploying SAMBA in an AD domain.
Could you give me a link with a tutorial that explains in a simple way the
procedure for this?

Just so as not to leave you without a reply, I executed the following commands:

# getent group TJSC\users
#
Nothing came back.

# getent group TJSC users
users:x:100:
This group "users" is local to the linux server (it is in /etc/passwd) and
does not exist in the AD domain.

I can then conclude that my intention to use local users of the linux
server without having to specify the name of the linux server is not
possible, right?

On Fri, 19 Jun 2020 at 11:43, Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 19/06/2020 15:06, Fernando Gonçalves wrote:
> > I will pass all the commands I used for installation and inclusion of
> > the linux server in AD.
> >
> > Installation of KERBEROS 5 packages:
> > #yum install krb5-server krb5-libs krb5-workstation
> Why install krb5-server? This is not required on a Unix domain member.
> >
> > I added the following lines to the /etc/krb5.conf file
> > [libdefaults]
> > default_realm = SAMDOM.EXAMPLE.COM
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> Change the last line to true
> >
> > I installed realmd
> > # yum install realmd
> Why, what is wrong with 'net ads join'?
>
> Nothing really wrong, apart from, you do not seem to understand that any
> users in /etc/passwd are unknown to AD.
>
> You can have the same username in /etc/passwd and AD, but they will be
> different users. The only Samba supported way of making users known to
> both AD and the local Linux OS, is for the users to be in AD and use
> Samba to make them Unix users as well. You are half way there, you have
> in smb.conf:
>
> idmap config TJSC : range = 2000000-2999999
> idmap config TJSC : backend = rid
>
> This will take any AD users (and groups), extract the RID and then
> calculate the Unix ID using the lower range, so from what you have
> posted, I am very sure that 'getent group Domain\ Users' will return the
> ID '2000513'.
>
> So to cut to a shorter version, create your users in AD and delete them
> from /etc/passwd.
>
> Your way is not supported.
>
> Rowland


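The rid-backend arithmetic Rowland describes in the quoted reply, as an added example that is not part of the original thread: it applies the idmap_rid formula (ID = RID - BASE_RID + LOW) to the TJSC range from the quoted smb.conf, and lists local accounts whose UID falls inside that range and would therefore share file ownership with an AD principal. The function names are hypothetical, base_rid is assumed to be at its default of 0, and the SID used in the comment is constructed.

```shell
#!/bin/sh
# Added example: idmap_rid arithmetic for the range quoted in the thread.
LOW=2000000     # idmap config TJSC : range = 2000000-2999999
HIGH=2999999
BASE_RID=0      # assumption: base_rid left at its default

# Print the Unix ID for a domain SID; return 1 if the SID is malformed or
# the result lies outside the configured range (such a RID is not mapped).
sid_to_unix_id() {
    sid=$1
    case $sid in
        S-1-5-21-*-*-*-*) ;;                      # loose shape check only
        *) echo "malformed SID: $sid" >&2; return 1 ;;
    esac
    rid=${sid##*-}                                # last sub-authority is the RID
    case $rid in
        ''|*[!0-9]*) echo "non-numeric RID in $sid" >&2; return 1 ;;
    esac
    id=$(( rid - BASE_RID + LOW ))
    if [ "$id" -lt "$LOW" ] || [ "$id" -gt "$HIGH" ]; then
        echo "RID $rid maps to $id, outside $LOW-$HIGH" >&2
        return 1
    fi
    echo "$id"
}

# Inverse mapping: RID = ID + BASE_RID - LOW
unix_id_to_rid() {
    id=$1
    if [ "$id" -lt "$LOW" ] || [ "$id" -gt "$HIGH" ]; then
        echo "ID $id is not in $LOW-$HIGH" >&2
        return 1
    fi
    echo $(( id + BASE_RID - LOW ))
}

# Read passwd-format lines on stdin and print name:uid for every local
# account whose UID sits inside the range reserved for the domain.
local_ids_in_range() {
    awk -F: -v lo="$LOW" -v hi="$HIGH" '$3 >= lo && $3 <= hi { print $1 ":" $3 }'
}

# Constructed SID for Domain Users (RID 513):
# sid_to_unix_id S-1-5-21-1111111111-2222222222-3333333333-513
```

On a domain member, `local_ids_in_range < /etc/passwd` should print nothing; any line it prints is a local account that needs a different UID.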
