[Samba] Samba domain members and MIT Kerberos configuration...

Rowland Penny rpenny at samba.org
Mon Dec 27 13:24:07 UTC 2021

On Mon, 2021-12-27 at 13:54 +0100, Marco Gaiarin via samba wrote:
> I'm working on joining some RH-based box to an AD domain, starting
> from this
> list, the wiki and my debian knowledge. ;-)

What rh-based box ?
Centos ?
Fedora ?
What version ?

> I'm speaking of MEMBERS, not DC!

No need to shout :-D

> I've found some info googling around, but make reference to 'realmd'
> and
> 'oddjob' for configuration, that seems to me more 'wrappers' to help
> configuration, so probably can be subsitute with more plain 'net ads
> join' and 'pam_mkhomedir'. Correct?

Sort of, you should (in my opinion) use 'net ads join' to join the
computer to the domain, but you will need to use 'oddjob' on red-hat
distros. You will also need to correctly set up the smb.conf file.

> Also, i've found no specific kerberos configuration, apart the hint
> to add
> this:
> [plugins]
>     localauth = {
>         module =
> winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
>         enable_only = winbind
>     }

You probably do not need that.

> (and installing samba-winbind-krb5-locator rpm package).
> In the samba wiki i've not found some hint about mit kerberos
> configuration.

This is probably because the setup isn't much different on Unix domain


More information about the samba mailing list