[Samba] Samba domain members and MIT Kerberos configuration...
Patrick Goetz
pgoetz at math.utexas.edu
Mon Jan 10 19:46:26 UTC 2022
On 12/27/21 06:54, Marco Gaiarin via samba wrote:
>
> I'm working on joining some RH-based box to an AD domain, starting from this
> list, the wiki and my debian knowledge. ;-)
>
> I'm speaking of MEMBERS, not DC!
>
>
> I've found some info googling around, but make reference to 'realmd' and
> 'oddjob' for configuration, that seems to me more 'wrappers' to help
> configuration, so probably can be subsitute with more plain 'net ads
> join' and 'pam_mkhomedir'. Correct?
>
If you have selinux turned on, pam-mkhomedir won't work. This is why
RHEL created the oddjob thing. You however don't need realmd -- that's
aimed at simplifying configuration. adcli works fine. You especially
don't need realmd if you're going to use Samba.
>
> Also, i've found no specific kerberos configuration, apart the hint to add
> this:
>
> [plugins]
>
> localauth = {
>
> module = winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
>
> enable_only = winbind
>
> }
>
> (and installing samba-winbind-krb5-locator rpm package).
>
>
> In the samba wiki i've not found some hint about mit kerberos configuration.
>
>
> Someone have some clue? Thanks.
>
More information about the samba
mailing list