How to join a Linux machine to a Samba4 domain

classic Classic list List threaded Threaded
37 messages Options
12
Reply | Threaded
Open this post in threaded view
|

How to join a Linux machine to a Samba4 domain

Lea Massiot
Hello,

My question is about how to join a "Linux" machine to a "Samba4 AD DC" domain.

Given that I have a "Samba4 AD DC" running on a machine (A),
given that I have a another machine (B) running "Linux Debian Wheezy",
can you tell me:

1) How I can join (B) to the domain?

Do I have to install specific packages on (B)?
Does it look like something like this: "net ads join -U Administrator"?

2) How can I create a shared directory on (B) so that other clients both Windows and Linux can access it in read and write mode?

Thank you for helping and best regards.
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Sven Schwedas
Hi,

On 2014-01-30 11:00, Lea Massiot wrote:

> Hello,
>
> My question is about how to join a "Linux" machine to a "Samba4 AD DC"
> domain.
>
> Given that I have a "Samba4 AD DC" running on a machine (A),
> given that I have a another machine (B) running "Linux Debian Wheezy",
> can you tell me:
>
> 1) How I can join (B) to the domain?
>
> Do I have to install specific packages on (B)?
Samba4. Preferably not the bugged and incomplete packages shipped with
Wheezy. Use the packages provided by sernet, or wheezy-backports.

(Note that Samba4 in wheezy-backports breaks sssd, you'll only be able
to use winbind or pam_ldap. Refer to the recent and still ongoing
elaborate shitstorms on the mailing list to pros/cons of sssd vs. winbindd.)

> Does it look like something like this: "net ads join -U Administrator"?

Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
texts and manpages for details, it's the only documentation currently
existing.

> 2) How can I create a shared directory on (B) so that other clients both
> Windows and Linux can access it in read and write mode?

Not visibly different from samba3. Set it up in your smb.conf, and
ensure your auth backends (winbind or sssd) are configured properly.


--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: [hidden email] | +43 (0)680 301 7167
http://software.tao.at


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

signature.asc (679 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Rowland Penny-5
On 30/01/14 10:12, Sven Schwedas wrote:

> Hi,
>
> On 2014-01-30 11:00, Lea Massiot wrote:
>> Hello,
>>
>> My question is about how to join a "Linux" machine to a "Samba4 AD DC"
>> domain.
>>
>> Given that I have a "Samba4 AD DC" running on a machine (A),
>> given that I have a another machine (B) running "Linux Debian Wheezy",
>> can you tell me:
>>
>> 1) How I can join (B) to the domain?
>>
>> Do I have to install specific packages on (B)?
> Samba4. Preferably not the bugged and incomplete packages shipped with
> Wheezy. Use the packages provided by sernet, or wheezy-backports.
>
> (Note that Samba4 in wheezy-backports breaks sssd, you'll only be able
> to use winbind or pam_ldap. Refer to the recent and still ongoing
> elaborate shitstorms on the mailing list to pros/cons of sssd vs. winbindd.)
Unless the OP has jumped ship, they are using self compiled 4.1.4 on the DC

I would suggest using Jessie instead of Wheezy, it comes with 4.1.4 that
works.

>
>> Does it look like something like this: "net ads join -U Administrator"?
Yes, this will work

> Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
> texts and manpages for details, it's the only documentation currently
> existing.
>
Only if you want to join as a Member or DC

>> 2) How can I create a shared directory on (B) so that other clients both
>> Windows and Linux can access it in read and write mode?
> Not visibly different from samba3. Set it up in your smb.conf, and
> ensure your auth backends (winbind or sssd) are configured properly.
>
>
>
Totally agree

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Sven Schwedas
On 2014-01-30 11:24, Rowland Penny wrote:

> On 30/01/14 10:12, Sven Schwedas wrote:
>> Hi,
>>
>> On 2014-01-30 11:00, Lea Massiot wrote:
>>> Hello,
>>>
>>> My question is about how to join a "Linux" machine to a "Samba4 AD DC"
>>> domain.
>>>
>>> Given that I have a "Samba4 AD DC" running on a machine (A),
>>> given that I have a another machine (B) running "Linux Debian Wheezy",
>>> can you tell me:
>>>
>>> 1) How I can join (B) to the domain?
>>>
>>> Do I have to install specific packages on (B)?
>> Samba4. Preferably not the bugged and incomplete packages shipped with
>> Wheezy. Use the packages provided by sernet, or wheezy-backports.
>>
>> (Note that Samba4 in wheezy-backports breaks sssd, you'll only be able
>> to use winbind or pam_ldap. Refer to the recent and still ongoing
>> elaborate shitstorms on the mailing list to pros/cons of sssd vs.
>> winbindd.)
> Unless the OP has jumped ship, they are using self compiled 4.1.4 on the DC
Ah, okay.

> I would suggest using Jessie instead of Wheezy, it comes with 4.1.4 that
> works.
>
>>
>>> Does it look like something like this: "net ads join -U Administrator"?
> Yes, this will work
>
>> Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
>> texts and manpages for details, it's the only documentation currently
>> existing.
>>
> Only if you want to join as a Member or DC
Hm, is that distinction documented somewhere? I wasn't aware of that.

>>> 2) How can I create a shared directory on (B) so that other clients both
>>> Windows and Linux can access it in read and write mode?
>> Not visibly different from samba3. Set it up in your smb.conf, and
>> ensure your auth backends (winbind or sssd) are configured properly.
>>
> Totally agree
>
> Rowland
>

--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: [hidden email] | +43 (0)680 301 7167
http://software.tao.at


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

signature.asc (679 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Rowland Penny-5
On 30/01/14 10:26, Sven Schwedas wrote:

> On 2014-01-30 11:24, Rowland Penny wrote:
>> On 30/01/14 10:12, Sven Schwedas wrote:
>>> Hi,
>>>
>>> On 2014-01-30 11:00, Lea Massiot wrote:
>>>> Hello,
>>>>
>>>> My question is about how to join a "Linux" machine to a "Samba4 AD DC"
>>>> domain.
>>>>
>>>> Given that I have a "Samba4 AD DC" running on a machine (A),
>>>> given that I have a another machine (B) running "Linux Debian Wheezy",
>>>> can you tell me:
>>>>
>>>> 1) How I can join (B) to the domain?
>>>>
>>>> Do I have to install specific packages on (B)?
>>> Samba4. Preferably not the bugged and incomplete packages shipped with
>>> Wheezy. Use the packages provided by sernet, or wheezy-backports.
>>>
>>> (Note that Samba4 in wheezy-backports breaks sssd, you'll only be able
>>> to use winbind or pam_ldap. Refer to the recent and still ongoing
>>> elaborate shitstorms on the mailing list to pros/cons of sssd vs.
>>> winbindd.)
>> Unless the OP has jumped ship, they are using self compiled 4.1.4 on the DC
> Ah, okay.
>
>> I would suggest using Jessie instead of Wheezy, it comes with 4.1.4 that
>> works.
>>
>>>> Does it look like something like this: "net ads join -U Administrator"?
>> Yes, this will work
>>
>>> Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
>>> texts and manpages for details, it's the only documentation currently
>>> existing.
>>>
>> Only if you want to join as a Member or DC
> Hm, is that distinction documented somewhere? I wasn't aware of that.
Well, 'samba-tool domain join --help' and sorry I got it wrong its
Backup DC, not just DC

Rowland

>
>>>> 2) How can I create a shared directory on (B) so that other clients both
>>>> Windows and Linux can access it in read and write mode?
>>> Not visibly different from samba3. Set it up in your smb.conf, and
>>> ensure your auth backends (winbind or sssd) are configured properly.
>>>
>> Totally agree
>>
>> Rowland
>>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

L.P.H. van Belle
In reply to this post by Rowland Penny-5
Just for your information.


>I would suggest using Jessie instead of Wheezy, it comes with
>4.1.4 that
>works.

NEVER NEVER NEVER use debian TESTING ( Now Jessie ) in production.
Testing(jessie) gets as latest the security and bugfixes.

Why, this is the debian version which can easy break your system.
so if you still going to use jessie make sure you have really good backups,
and remember, every apt-get update && apt-get upgrade can break you system.
But again DONT DO IT.. of install en dont touch it again when it works ok.

My advice, use wheezy with backports.
or recompile yourself its not that hard, i did it to.
How to do, you can find on the samba list.


Louis


>-----Oorspronkelijk bericht-----
>Van: [hidden email]
>[mailto:[hidden email]] Namens Rowland Penny
>Verzonden: donderdag 30 januari 2014 11:25
>Aan: Sven Schwedas; [hidden email]
>Onderwerp: Re: [Samba] How to join a Linux machine to a Samba4 domain
>
>On 30/01/14 10:12, Sven Schwedas wrote:
>> Hi,
>>
>> On 2014-01-30 11:00, Lea Massiot wrote:
>>> Hello,
>>>
>>> My question is about how to join a "Linux" machine to a
>"Samba4 AD DC"
>>> domain.
>>>
>>> Given that I have a "Samba4 AD DC" running on a machine (A),
>>> given that I have a another machine (B) running "Linux
>Debian Wheezy",
>>> can you tell me:
>>>
>>> 1) How I can join (B) to the domain?
>>>
>>> Do I have to install specific packages on (B)?
>> Samba4. Preferably not the bugged and incomplete packages
>shipped with
>> Wheezy. Use the packages provided by sernet, or wheezy-backports.
>>
>> (Note that Samba4 in wheezy-backports breaks sssd, you'll
>only be able
>> to use winbind or pam_ldap. Refer to the recent and still ongoing
>> elaborate shitstorms on the mailing list to pros/cons of
>sssd vs. winbindd.)
>Unless the OP has jumped ship, they are using self compiled
>4.1.4 on the DC
>
>I would suggest using Jessie instead of Wheezy, it comes with
>4.1.4 that
>works.
>
>>
>>> Does it look like something like this: "net ads join -U
>Administrator"?
>Yes, this will work
>
>> Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
>> texts and manpages for details, it's the only documentation currently
>> existing.
>>
>Only if you want to join as a Member or DC
>
>>> 2) How can I create a shared directory on (B) so that other
>clients both
>>> Windows and Linux can access it in read and write mode?
>> Not visibly different from samba3. Set it up in your smb.conf, and
>> ensure your auth backends (winbind or sssd) are configured properly.
>>
>>
>>
>Totally agree
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

L.P.H. van Belle
and forgot,

Or use the sernet packages. they work fine on wheezy


>-----Oorspronkelijk bericht-----
>Van: [hidden email] [mailto:[hidden email]]
>Namens L.P.H. van Belle
>Verzonden: donderdag 30 januari 2014 11:58
>Aan: [hidden email]
>Onderwerp: Re: [Samba] How to join a Linux machine to a Samba4 domain
>
>Just for your information.
>
>
>>I would suggest using Jessie instead of Wheezy, it comes with
>>4.1.4 that
>>works.
>
>NEVER NEVER NEVER use debian TESTING ( Now Jessie ) in production.
>Testing(jessie) gets as latest the security and bugfixes.
>
>Why, this is the debian version which can easy break your system.
>so if you still going to use jessie make sure you have really
>good backups,
>and remember, every apt-get update && apt-get upgrade can
>break you system.
>But again DONT DO IT.. of install en dont touch it again when
>it works ok.
>
>My advice, use wheezy with backports.
>or recompile yourself its not that hard, i did it to.
>How to do, you can find on the samba list.
>
>
>Louis
>
>
>>-----Oorspronkelijk bericht-----
>>Van: [hidden email]
>>[mailto:[hidden email]] Namens Rowland Penny
>>Verzonden: donderdag 30 januari 2014 11:25
>>Aan: Sven Schwedas; [hidden email]
>>Onderwerp: Re: [Samba] How to join a Linux machine to a Samba4 domain
>>
>>On 30/01/14 10:12, Sven Schwedas wrote:
>>> Hi,
>>>
>>> On 2014-01-30 11:00, Lea Massiot wrote:
>>>> Hello,
>>>>
>>>> My question is about how to join a "Linux" machine to a
>>"Samba4 AD DC"
>>>> domain.
>>>>
>>>> Given that I have a "Samba4 AD DC" running on a machine (A),
>>>> given that I have a another machine (B) running "Linux
>>Debian Wheezy",
>>>> can you tell me:
>>>>
>>>> 1) How I can join (B) to the domain?
>>>>
>>>> Do I have to install specific packages on (B)?
>>> Samba4. Preferably not the bugged and incomplete packages
>>shipped with
>>> Wheezy. Use the packages provided by sernet, or wheezy-backports.
>>>
>>> (Note that Samba4 in wheezy-backports breaks sssd, you'll
>>only be able
>>> to use winbind or pam_ldap. Refer to the recent and still ongoing
>>> elaborate shitstorms on the mailing list to pros/cons of
>>sssd vs. winbindd.)
>>Unless the OP has jumped ship, they are using self compiled
>>4.1.4 on the DC
>>
>>I would suggest using Jessie instead of Wheezy, it comes with
>>4.1.4 that
>>works.
>>
>>>
>>>> Does it look like something like this: "net ads join -U
>>Administrator"?
>>Yes, this will work
>>
>>> Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
>>> texts and manpages for details, it's the only documentation
>currently
>>> existing.
>>>
>>Only if you want to join as a Member or DC
>>
>>>> 2) How can I create a shared directory on (B) so that other
>>clients both
>>>> Windows and Linux can access it in read and write mode?
>>> Not visibly different from samba3. Set it up in your smb.conf, and
>>> ensure your auth backends (winbind or sssd) are configured properly.
>>>
>>>
>>>
>>Totally agree
>>
>>Rowland
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

L.P.H. van Belle
In reply to this post by Rowland Penny-5
and.

https://lists.samba.org/archive/samba/2013-October/176380.html 

samba 4, joining a windows 2008R2 domain as DC. ubuntu 12.04 with sernet packages ( small howto ) W.I.P.

Works also for debian Wheezy.
and if your using backports replace the package names sernet-samba to just samba-



Louis


>-----Oorspronkelijk bericht-----
>Van: [hidden email]
>[mailto:[hidden email]] Namens Rowland Penny
>Verzonden: donderdag 30 januari 2014 11:29
>Aan: Sven Schwedas; [hidden email]
>Onderwerp: Re: [Samba] How to join a Linux machine to a Samba4 domain
>
>On 30/01/14 10:26, Sven Schwedas wrote:
>> On 2014-01-30 11:24, Rowland Penny wrote:
>>> On 30/01/14 10:12, Sven Schwedas wrote:
>>>> Hi,
>>>>
>>>> On 2014-01-30 11:00, Lea Massiot wrote:
>>>>> Hello,
>>>>>
>>>>> My question is about how to join a "Linux" machine to a
>"Samba4 AD DC"
>>>>> domain.
>>>>>
>>>>> Given that I have a "Samba4 AD DC" running on a machine (A),
>>>>> given that I have a another machine (B) running "Linux
>Debian Wheezy",
>>>>> can you tell me:
>>>>>
>>>>> 1) How I can join (B) to the domain?
>>>>>
>>>>> Do I have to install specific packages on (B)?
>>>> Samba4. Preferably not the bugged and incomplete packages
>shipped with
>>>> Wheezy. Use the packages provided by sernet, or wheezy-backports.
>>>>
>>>> (Note that Samba4 in wheezy-backports breaks sssd, you'll
>only be able
>>>> to use winbind or pam_ldap. Refer to the recent and still ongoing
>>>> elaborate shitstorms on the mailing list to pros/cons of sssd vs.
>>>> winbindd.)
>>> Unless the OP has jumped ship, they are using self compiled
>4.1.4 on the DC
>> Ah, okay.
>>
>>> I would suggest using Jessie instead of Wheezy, it comes
>with 4.1.4 that
>>> works.
>>>
>>>>> Does it look like something like this: "net ads join -U
>Administrator"?
>>> Yes, this will work
>>>
>>>> Should be "samba-tool domain join" in Samba 4.1+. Refer to its help
>>>> texts and manpages for details, it's the only
>documentation currently
>>>> existing.
>>>>
>>> Only if you want to join as a Member or DC
>> Hm, is that distinction documented somewhere? I wasn't aware of that.
>Well, 'samba-tool domain join --help' and sorry I got it wrong its
>Backup DC, not just DC
>
>Rowland
>
>>
>>>>> 2) How can I create a shared directory on (B) so that
>other clients both
>>>>> Windows and Linux can access it in read and write mode?
>>>> Not visibly different from samba3. Set it up in your smb.conf, and
>>>> ensure your auth backends (winbind or sssd) are configured
>properly.
>>>>
>>> Totally agree
>>>
>>> Rowland
>>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Lea Massiot
In reply to this post by Sven Schwedas
I never "seriously" joined a "Linux" machine to a "Samba" domain before (not even with "Samba3").
I only joined "Windows" clients.
I never "seriously" created shares for the "Samba" domain on a "Linux" machine either.
I only created shares on the "Windows" clients.
This is the reason why I'm asking how to do this.
For me, I couldn't find a clean answer to this question on the Internet.

> Samba4. Preferably not the bugged and incomplete packages shipped with Wheezy.

On the "Samba4 AD DC" referred to as machine (A) in my previous post, I installed "samba4" from the sources (http://ftp.samba.org/pub/samba/samba-4.1.4.tar.gz) as "Rowland Penny" on this list instructed me to.

So, do I have to install this (http://ftp.samba.org/pub/samba/samba-4.1.4.tar.gz) too on the "Linux Debian Wheezy" client referred to as machine (B) in my previous post?

Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

steve-2
On Thu, 2014-01-30 at 03:10 -0800, Lea Massiot wrote:

> I never "seriously" joined a "Linux" machine to a "Samba" domain before (not
> even with "Samba3").
> I only joined "Windows" clients.
> I never "seriously" created shares for the "Samba" domain on a "Linux"
> machine either.
> I only created shares on the "Windows" clients.
> This is the reason why I'm asking how to do this.
> For me, I couldn't find a clean answer to this question on the Internet.
>
> > Samba4. Preferably not the bugged and incomplete packages shipped with
> > Wheezy.
>
> On the "Samba4 AD DC" referred to as machine (A) in my previous post, I
> installed "samba4" from the sources
> (http://ftp.samba.org/pub/samba/samba-4.1.4.tar.gz) as "Rowland Penny" on
> this list instructed me to.
>
> So, do I have to install this
> (http://ftp.samba.org/pub/samba/samba-4.1.4.tar.gz) too on the "Linux Debian
> Wheezy" client referred to as machine (B) in my previous post?
>

Hi
If you are going to use this client as a file server for the domain then
yes. Otherwise, if you simply want it to be a domain member then a much
more minimal install would be fine. On most distros there is a package
called samba-client. That's all you need.
HTH
Steve


> Best regards.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/How-to-join-a-Linux-machine-to-a-Samba4-domain-tp4660009p4660024.html
> Sent from the Samba - General mailing list archive at Nabble.com.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Rowland Penny-5
In reply to this post by Lea Massiot
On 30/01/14 11:10, Lea Massiot wrote:
> I never "seriously" joined a "Linux" machine to a "Samba" domain before (not
> even with "Samba3").
> I only joined "Windows" clients.
Much the same, only you do it on the command line
> I never "seriously" created shares for the "Samba" domain on a "Linux"
> machine either.
> I only created shares on the "Windows" clients.
> This is the reason why I'm asking how to do this.
> For me, I couldn't find a clean answer to this question on the Internet.
Have a look here:
https://wiki.samba.org/index.php/Setup_and_configure_file_shares

>
>> Samba4. Preferably not the bugged and incomplete packages shipped with
>> Wheezy.
> On the "Samba4 AD DC" referred to as machine (A) in my previous post, I
> installed "samba4" from the sources
> (http://ftp.samba.org/pub/samba/samba-4.1.4.tar.gz) as "Rowland Penny" on
> this list instructed me to.
>
> So, do I have to install this
> (http://ftp.samba.org/pub/samba/samba-4.1.4.tar.gz) too on the "Linux Debian
> Wheezy" client referred to as machine (B) in my previous post?
Well you could, but as it is going to be a client, you might as well
just use the stock samba packages.

Rowland

>
> Best regards.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/How-to-join-a-Linux-machine-to-a-Samba4-domain-tp4660009p4660024.html
> Sent from the Samba - General mailing list archive at Nabble.com.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Lea Massiot
In reply to this post by steve-2
Hello,

> Otherwise, if you simply want it to be a domain member then a much more minimal install would be fine.

This is what I need.

> On most distros there is a package called samba-client. That's all you need.

Fine.
Shall I "apt-get install samba-client"?

Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

steve-2
On Thu, 2014-01-30 at 03:45 -0800, Lea Massiot wrote:
> Hello,
>
> > Otherwise, if you simply want it to be a domain member then a much more
> > minimal install would be fine.
>
> This is what I need.
OK. So your file server is elsewhere. Fine.
>
> > On most distros there is a package called samba-client. That's all you
> > need.
>
> Fine.
> Shall I "apt-get install samba-client"?
>
Yep. Looks good. Do you have kerberos set up yet?
HTH
Steve


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Lea Massiot
Hello,

> Do you have kerberos set up yet?
No, I haven't.

Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

steve-2
On Thu, 2014-01-30 at 05:27 -0800, Lea Massiot wrote:
> Hello,
>
> > Do you have kerberos set up yet?
> No, I haven't.

OK. You'll need to.

apt-get install krb5-user krb5-config libpam-krb5 auth-client-config
sasl2-bin libsasl2-2 libsasl2-modules libsasl2-modules-gssapi-mit

As the install progresses, you'll be asked for your realm. It will then
ceate a kerberos configuration. Backup /etc/krb5.conf and replace it
with this:
[libdefaults]
        default_realm = YOUR.REALM
        dns_lookup_realm = false
        dns_lookup_kdc = true

Next question: do you have DNS set up yet?
HTH
Steve


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Lea Massiot
In reply to this post by Lea Massiot
Hello,

> As the install progresses, you'll be asked for your realm. It will then create a kerberos configuration.

What is going to be the "default_realm"?
The same as the one which appears in "/etc/krb5.conf" on machine (A) which is the "Samba4 AD DC"?

> do you have DNS set up yet?
Yes, absolutely.
"Bind9" is running on the same machine as "Samba4".

Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

steve-2
On Thu, 2014-01-30 at 08:06 -0800, Lea Massiot wrote:
> Hello,
>
> > As the install progresses, you'll be asked for your realm. It will then
> > create a kerberos configuration.
>
> What is going to be the "default_realm"?
> The same as the one which appears in "/etc/krb5.conf" on machine (A) which
> is the "Samba4 AD DC"?
>
Yes.
> > do you have DNS set up yet?
> Yes, absolutely.
> "Bind9" is running on the same machine as "Samba4".
>
Perfect.

Just before you attempt to join, add the DC IP and fqdn to /etc/hosts
and make sure that the client has the DC has its primary DNS.

I think that's it. For the join at least. It should also get domain
users authenticated.
Cheers,
Steve




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Lea Massiot
Hello,

> add the DC IP and fqdn to /etc/hosts

If the DC IP is: 192.168.0.13
and its fqdn is: b.example.com
where "b" is the hostname of the DC,
does this mean that I have to add the line below to "/etc/hosts"?

192.168.0.13    b.example.com

> make sure that the client has the DC has its primary DNS.

Do you mean that my "/etc/resolv.conf" should look like this (below)?

search example.com
nameserver 192.168.0.13

> It should also get domain users authenticated.

What does this mean?

Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

Ricky Nance-2
Don't add the DC to your hosts file, that can cause dns issues to be
hidden, making seemingly random problems VERY hard to find later on.

Ricky


On Thu, Jan 30, 2014 at 11:22 AM, Lea Massiot <[hidden email]> wrote:

> Hello,
>
> > add the DC IP and fqdn to /etc/hosts
>
> If the DC IP is: 192.168.0.13
> and its fqdn is: b.example.com
> where "b" is the hostname of the DC,
> does this mean that I have to add the line below to "/etc/hosts"?
>
> 192.168.0.13    b.example.com
>
> > make sure that the client has the DC has its primary DNS.
>
> Do you mean that my "/etc/resolv.conf" should look like this (below)?
>
> search example.com
> nameserver 192.168.0.13
>
> > It should also get domain users authenticated.
>
> What does this mean?
>
> Best regards.
>
>
>
> --
> View this message in context:
> http://samba.2283325.n4.nabble.com/How-to-join-a-Linux-machine-to-a-Samba4-domain-tp4660009p4660054.html
> Sent from the Samba - General mailing list archive at Nabble.com.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to join a Linux machine to a Samba4 domain

steve-2
On Thu, 2014-01-30 at 11:43 -0600, Ricky Nance wrote:
> Don't add the DC to your hosts file, that can cause dns issues to be
> hidden, making seemingly random problems VERY hard to find later on.
>
It's the only way I know to register the dns the first time you join a
Linux client. Otherwise there is a dns update error. By all means remove
it afterwards. If you are having problems.

HTH
Steve

> Ricky
>
>
> On Thu, Jan 30, 2014 at 11:22 AM, Lea Massiot <[hidden email]> wrote:
>
> > Hello,
> >
> > > add the DC IP and fqdn to /etc/hosts
> >
> > If the DC IP is: 192.168.0.13
> > and its fqdn is: b.example.com
> > where "b" is the hostname of the DC,
> > does this mean that I have to add the line below to "/etc/hosts"?
> >
> > 192.168.0.13    b.example.com
> >
> > > make sure that the client has the DC has its primary DNS.
> >
> > Do you mean that my "/etc/resolv.conf" should look like this (below)?
> >
> > search example.com
> > nameserver 192.168.0.13
> >
> > > It should also get domain users authenticated.
> >
> > What does this mean?
> >
> > Best regards.
> >
> >
> >
> > --
> > View this message in context:
> > http://samba.2283325.n4.nabble.com/How-to-join-a-Linux-machine-to-a-Samba4-domain-tp4660009p4660054.html
> > Sent from the Samba - General mailing list archive at Nabble.com.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
12