Matthias Busch
2015-Mar-12 22:31 UTC
[Samba] samba 4.1.17 on raspberry pi as ad dc - first good results!
RESULT! ~# kinit administrator at MY-DOMAIN.LOCAL Password for administrator at MY-DOMAIN.LOCAL: Warning: Your password will expire in 41 days on Thu Apr 23 16:57:35 2015 !!!! --- I should have listened to you guys much sooner. I suspect that the .local did indeed have something to do with it since mDNS was running and may have screwed with dns resolution for *.local. tlds? additionally, I adjusted the /etc/krb5.conf file according to Peters suggestion. rowland says I only need the top four lines? samba generated a krb5.conf file for me with only those 4 lines. the longer one is working now, is there a reason for why the shorter one would be better? --->Btw, we would like to check the smb.conf, too..I posted my entire smb.conf this afternoon already. --->and yes, you do need winbind adding to the passwd & group lines in >/etc/nsswitch.conf, but you need more, see the wiki page I posted earlier.looking into that next! --- >> syslog paste... > There is something going on there, how are you starting samba ? via init.d script / on boot see first post for where I got the script from and how I edited it...> OH yes you do! >tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 2239/samba >udp 0 0 192.168.7.254:88 0.0.0.0:* 2239/sambaah, I was looking for krb5 or similar process name... ---> ipv6well, its not exactly enabled. no ipv6 in network/interfaces, none in /etc/hosts and i am pretty sure I build without ipv6 support. if need be I could go deeper into raspbian and see if I can forceable disable ipv6 however, in the not too distant future, the possibility to at least run a dualstack should exist. forcing ipv6 off in the OS would be a step in the wrong direction for that :) --- just tested... I was able to add a win7pro to the domain!
Rowland Penny
2015-Mar-12 22:39 UTC
[Samba] samba 4.1.17 on raspberry pi as ad dc - first good results!
On 12/03/15 22:31, Matthias Busch wrote:> RESULT! > > ~# kinit administrator at MY-DOMAIN.LOCAL > Password for administrator at MY-DOMAIN.LOCAL: > Warning: Your password will expire in 41 days on Thu Apr 23 16:57:35 2015 > > !!!! > > --- > > I should have listened to you guys much sooner. I suspect that the > .local did indeed have something to do with it since mDNS was running > and may have screwed with dns resolution for *.local. tlds? > > additionally, I adjusted the /etc/krb5.conf file according to Peters > suggestion. > rowland says I only need the top four lines? samba generated a > krb5.conf file for me with only those 4 lines. > the longer one is working now, is there a reason for why the shorter > one would be better? > > --- > >> Btw, we would like to check the smb.conf, too.. > > I posted my entire smb.conf this afternoon already. > > --- > >> and yes, you do need winbind adding to the passwd & group lines in >> /etc/nsswitch.conf, but you need more, see the wiki page I posted >> earlier. > > looking into that next! > > --- > >> syslog paste... > > > There is something going on there, how are you starting samba ? > > via init.d script / on boot > see first post for where I got the script from and how I edited it... > >> OH yes you do! >> tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 2239/samba >> udp 0 0 192.168.7.254:88 0.0.0.0:* 2239/samba > > ah, I was looking for krb5 or similar process name... > > --- > >> ipv6 > well, its not exactly enabled. no ipv6 in network/interfaces, none in > /etc/hosts > and i am pretty sure I build without ipv6 support. > if need be I could go deeper into raspbian and see if I can forceable > disable ipv6 > > however, in the not too distant future, the possibility to at least > run a dualstack should exist. > forcing ipv6 off in the OS would be a step in the wrong direction for > that :) > > --- > > just tested... > I was able to add a win7pro to the domain! > >I could say 'I told you so' but I won't :-) You only need those 4 lines in krb5.conf, the rest is probably being ignored, one of the these days I will try and see if it will work with just the 'default_realm' line. Rowland
Matthias Busch
2015-Mar-13 09:34 UTC
[Samba] samba 4.1.17 on raspberry pi as ad dc - winbind breaks it again
okay, I started to look into winbind and the /etc/nsswitch.conf (and smb.conf)... and it wreaked havoc... I was using the guide at https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server - right guide? the guide is talking about "samba member server that is part of an active directory" Is that correct? I mean, THE ad domain controller is member of the ad, but it sounds like this guide is about samba being added to AD, not samba being the AD - added the idmap and winbind lines to smb.conf - net [rpc|ads] join -u administrator I do not exactly get what this does and if rpc or ads is the "right one" which made me think. when I setup samba4 as ad controller (samba-tool domain provision ...) does it not become member of the its own domain? do I need to add it by hand? I always assumed not do... - ln -s ... + ldconfig here I ran into trouble. I saw the notice about needing to subsitute lib64 with lib if running x86 Well, the pi is definately not x64. but neither is it x86. i chose to use lib, betting it should fit. x86_64-linux-gnu I replaced with i386-linux-gnu - nsswitch.conf I added the winbind as stated - samba start now samba wont start anymore. I guess samba will be replaced by smbd, nmbd and winbindd (error message in daemon.log hints at that) for which I have no startscripts. any quick solutions or do I have to manually fix it? the link for start script under starting the daemons will lead to the site I got my script from though... - testing wbinfo -u and wbinfo -g show nothing and no error - configure wrong? I did not use --with-ads --with-shared-modules=idmap_ad According to the guide I should have... Guess Ill have to start again If only configure, make and make install wouldnt take ages... - why winbind? I dont exactly get the benefit of dealing with winbind. a quick test yesterday let me add a pc to the domain and access the domain via windows 7 server tools. I have not further tested the capabilities of the samba ad. What wont work without winbind, what does it accomplish.
Maybe Matching Threads
- samba 4.1.17 on raspberry pi as ad dc - first good results!
- samba 4.1.17 on raspberry pi as ad dc - final thoughts, success and follow up link
- samba 4.1.17 on raspberry pi as ad dc - krb5 problem / ipv6?
- samba 4.1.17 on raspberry pi as ad dc - final thoughts, success and follow up link
- samba 4.1.17 on raspberry pi as ad dc - internal dns problems