[Samba] First Linux Machine Domain Join

Rowland Penny rpenny at samba.org
Sat Nov 16 16:59:20 UTC 2024


On Sat, 16 Nov 2024 10:38:06 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:

> I apparently haven't created the correct formula to get Samba to
> start winbindd on my workstation in the process of joining my domain.
> Testing winbindd connectivity fails:

Samba doesn't start any daemons on a Unix domain member, you have to do
it yourself.

> 
>      ~ # wbinfo --ping-dc
>      could not obtain winbind interface details: 
> WBC_ERR_WINBIND_NOT_AVAILABLE
>      could not obtain winbind domain name!
>      checking the NETLOGON for domain[] dc connection to "" failed
>      failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> 
> The join /partially/ succeeded:
> 
>      ~ # net ads join -U administrator
>      Password for [SAMDOM\administrator]:
>      Using short domain name -- SAMDOM
>      Joined 'TERRA' to dns domain 'samdom.example.com'
>      DNS Update for terra.samdom.example.com failed:
> ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL

That is usually caused by a mis-configuration of /etc/hosts.

 > 
> I say "partially" in that, despite the errors above, the machine
> record is now present in the AD DC's /var/lib/samba/private/sam.ldb
> database and appears to be complete.
> 
> My current /etc/samba/smb.conf is:
> 
> [global]
>     security = domain

Sorry but that is incorrect, it should be 'security = ADS'
 
>     workgroup = SAMDOM
>     realm = SAMDOM.EXAMPLE.COM
>     server string = "John's Terra Workstation"
>     server role = member server
> 
>     log file = /var/log/samba/log.%m
>     log level = 1
>     max log size = 50
> 
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config SAMDOM:backend = ad
>     idmap config SAMDOM:schema_mode = rfc2307
>     idmap config SAMDOM:range = 10000-9999999
>     idmap config SAMDOM:unix_nss_info = yes
> 
>     vfs objects = acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
> 
>     template shell = /bin/bash
>     template homedir = /home/%U
> 
> I've made the requisite changes in /etc/nsswitch.conf and my 
> distribution's Samba package supplies the pam configuration. Still,
> I'm obviously missing something.

I use Debian and everything is setup automatically, but you need PAM
configuring correctly, along with the winbind nss links and
/etc/nsswitch.conf, but most of all, you need to have winbind running
;-)

Rowland



More information about the samba mailing list