[Samba] First Linux Machine Domain Join
Rowland Penny
rpenny at samba.org
Sat Nov 16 16:59:20 UTC 2024
On Sat, 16 Nov 2024 10:38:06 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> I apparently haven't created the correct formula to get Samba to
> start winbindd on my workstation in the process of joining my domain.
> Testing winbindd connectivity fails:
Samba doesn't start any daemons on a Unix domain member, you have to do
it yourself.
>
> ~ # wbinfo --ping-dc
> could not obtain winbind interface details:
> WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>
> The join /partially/ succeeded:
>
> ~ # net ads join -U administrator
> Password for [SAMDOM\administrator]:
> Using short domain name -- SAMDOM
> Joined 'TERRA' to dns domain 'samdom.example.com'
> DNS Update for terra.samdom.example.com failed:
> ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL
That is usually caused by a mis-configuration of /etc/hosts.
>
> I say "partially" in that, despite the errors above, the machine
> record is now present in the AD DC's /var/lib/samba/private/sam.ldb
> database and appears to be complete.
>
> My current /etc/samba/smb.conf is:
>
> [global]
> security = domain
Sorry but that is incorrect, it should be 'security = ADS'
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
> server string = "John's Terra Workstation"
> server role = member server
>
> log file = /var/log/samba/log.%m
> log level = 1
> max log size = 50
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 10000-9999999
> idmap config SAMDOM:unix_nss_info = yes
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> template shell = /bin/bash
> template homedir = /home/%U
>
> I've made the requisite changes in /etc/nsswitch.conf and my
> distribution's Samba package supplies the pam configuration. Still,
> I'm obviously missing something.
I use Debian and everything is setup automatically, but you need PAM
configuring correctly, along with the winbind nss links and
/etc/nsswitch.conf, but most of all, you need to have winbind running
;-)
Rowland
More information about the samba
mailing list