[Samba] samba-4-10 as Win2k16 member
Rowland penny
rpenny at samba.org
Tue Mar 24 19:21:09 UTC 2020
On 24/03/2020 18:56, Dipl.-Ing. Péter Varkoly via samba wrote:
> Hi,
>
> I want to join samba 4.10.13 to an Win2k16 Server as member. The join
> was succesfully:
> net ads join -U administrator
> Using short domain name -- CRANIX
> Joined 'ADMIN' to dns domain 'cranix.win'
>
> wbinfo -u lists all users. But wininfo -u <username> delivers following
> error:
> wbinfo -i administrator
Forget Administrator on Unix domain member
> Based on https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Yes, but only vaguely ;-)
>
> What went wrong?
>
Could be numerous things, you didn't read the pages correctly, you
didn't add any uidNumber & gidNumber attributes to AD (they are not
added automatically), or you are using sssd.
Try this smb.conf:
[global]
realm = CRANIX.WIN
workgroup = CRANIX
security = ADS
bind interfaces only = yes
interfaces = 127.0.0.1, 172.20.0.2
vfs objects = acl_xattr
map acl inherit = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
winbind refresh tickets = Yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config CRANIX : backend = rid
idmap config CRANIX : range = 10000-999999
# user Administrator workaround, without it you are unable to
set privileges
username map = /etc/samba/user.map
Create the user.map:
echo '!root = Administrator' > /etc/samba/user.map
With that smb.conf, you will not have to add anything to AD.
Also, if you are using sssd, you should remove it, you cannot use sssd
with Samba >= 4.8.0 running as a fileserver.
Rowland
More information about the samba
mailing list