[Samba] How to configure samba, sssd, pam etc so that domain users can log in the linux server?
Ricardo Campos
rdiascampos at gmail.com
Tue Dec 12 23:19:25 UTC 2023
Hi.
I'm struggling hard with those tons of configurations in order to allow
samba ad-dc users to log in to the Debian server.
I couldn't really find a place with a definite configuration. It seems that
there are many possibilities, which makes people really confused.
I decided to build samba from scratch, meaning that I'm not using the distro
version. The version I installed is 4.19.3.
Let me tell you the basic configurations I have now.
/usr/local/samba/etc/smb.conf:
# Global parameters
[global]
dns forwarder = 8.8.8.8
netbios name = MEUSAMBA
realm = XXXX.LOCAL
server role = active directory domain controller
workgroup = XXXX
idmap_ldb:use rfc2307 = yes
include registry
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/xxxx.local/scripts
read only = No
[nas]
path = /dados/nas
read only = No
[suporte]
path = /dados/suporte
read only = no
/etc/sssd/sssd.conf:
[sssd]
domains = xxxx.local
config_file_version = 2
services = nss, pam
[domain/ibam.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = XXXX.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = xxxx.local
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
In fact, I configured it this way because the site said I should do so, but
I'd rather not use Kerberos. I'd like to keep it simpler.
Any help will be very much appreciated.
Thanks,
Ricardo