On Wed, 30 Aug 2017 14:12:09 -0300
Flávio Silveira via samba <samba at lists.samba.org> wrote:

> On 30/08/2017 13:16, Rowland Penny via samba wrote:
> > On Wed, 30 Aug 2017 12:48:09 -0300
> > Flávio Silveira via samba <samba at lists.samba.org> wrote:
> >
> >> Hi Louis
> >>
> >> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
> >>> Hai,
> >> First I want to thank you for maintaining a debian repo with
> >> updated packages, made my life much easier!
> >>
> >>> If you have a small network, yes, a DC only is not recommended,
> >>> but if configured correctly it works fine. I see you have only one
> >>> linux server, so i can assume only windows clients. Then, i say
> >>> yes, setup an AD DC as fileserver.
> >> Do you have any pointers on which wiki tutorial I should follow to
> >> get things started?
> >>
> > Follow the DC wiki page:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> >
> > There is even a section: Using the Domain Controller as a File
> > Server
> >
> > This will send you to:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
> > Where you will need to read this section:
> >
> > Configuring the Name Service Switch
> >
> > Which will refer you to:
> >
> > https://wiki.samba.org/index.php/Libnss_winbind_Links
> >
> > This will tell you how to set up the libnss_winbind links
> >
> > Having said all that, you can do it all by installing
> >
> > samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
> > krb5-config krb5-user ntp dnsutils ldb-tools
> >
> > set up ntp as per the wiki:
> >
> > https://wiki.samba.org/index.php/Time_Synchronisation
> >
> > provision the domain, run 'pam-auth-update' ensure everything is
> > checked and tab to <OK> and press enter, now start 'samba'
> >
> > It should just work.
> >
> > Rowland
> >
>
> I can't thank you enough for this, great walk through!

No problem.

>
> I will probably have more questions during the setup, but I have only
> one left for now:

Any questions, just ask, the only stupid question is the one you don't
ask ;-)

>
> Will it create any issues if I do it within the current network or do
> you recommend doing in network lab?
>

I would do a test run first, that way, if there are any questions,
you can ask them and errors won't affect anything.

There is just one thing I missed, you will probably want homedirs for
the users, to get them created automatically the first time a user
connects, you will need to add this line to /etc/pam.d/common-session

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

Rowland

On 30/08/2017 14:36, Rowland Penny via samba wrote:
> On Wed, 30 Aug 2017 14:12:09 -0300
> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>
>> On 30/08/2017 13:16, Rowland Penny via samba wrote:
>>> On Wed, 30 Aug 2017 12:48:09 -0300
>>> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hi Louis
>>>>
>>>> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
>>>>> Hai,
>>>> First I want to thank you for maintaining a debian repo with
>>>> updated packages, made my life much easier!
>>>>
>>>>> If you have a small network, yes, a DC only is not recommended,
>>>>> but if configured correctly it works fine. I see you have only one
>>>>> linux server, so i can assume only windows clients. Then, i say
>>>>> yes, setup an AD DC as fileserver.
>>>> Do you have any pointers on which wiki tutorial I should follow to
>>>> get things started?
>>>>
>>> Follow the DC wiki page:
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>>>
>>> There is even a section: Using the Domain Controller as a File
>>> Server
>>>
>>> This will send you to:
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>>>
>>> Where you will need to read this section:
>>>
>>> Configuring the Name Service Switch
>>>
>>> Which will refer you to:
>>>
>>> https://wiki.samba.org/index.php/Libnss_winbind_Links
>>>
>>> This will tell you how to set up the libnss_winbind links
>>>
>>> Having said all that, you can do it all by installing
>>>
>>> samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
>>> krb5-config krb5-user ntp dnsutils ldb-tools
>>>
>>> set up ntp as per the wiki:
>>>
>>> https://wiki.samba.org/index.php/Time_Synchronisation
>>>
>>> provision the domain, run 'pam-auth-update' ensure everything is
>>> checked and tab to <OK> and press enter, now start 'samba'
>>>
>>> It should just work.
>>>
>>> Rowland
>>>
>> I can't thank you enough for this, great walk through!
> No problem.
>
>> I will probably have more questions during the setup, but I have only
>> one left for now:
> Any questions, just ask, the only stupid question is the one you don't
> ask ;-)
>
>> Will it create any issues if I do it within the current network or do
>> you recommend doing in network lab?
>>
> I would do a test run first, that way, if there are any questions,
> you can ask them and errors won't affect anything.
>
> There is just one thing I missed, you will probably want homedirs for
> the users, to get them created automatically the first time a user
> connects, you will need to add this line to /etc/pam.d/common-session
>
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> Rowland
>

As suggested I am reading
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
and https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ

As Active Directory Naming seems very important, I want to do it right.

My company domain is tecnopon.com.br but it is not hosted by me, it is
hosted by a hosting company.

After reading Active Directory Naming FAQ, if I understand what I have
read, I can use ad.tecnopon.com.br and I won't need to change any DNS
zone files as it will only be used internally. Am I correct?

Regards,
Flavio Silveira

Yes, correct.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Flávio Silveira via samba
> Sent: Monday 11 September 2017 15:41
> To: Rowland Penny; samba at lists.samba.org
> Subject: Re: [Samba] File server questions
>
> On 30/08/2017 14:36, Rowland Penny via samba wrote:
> > On Wed, 30 Aug 2017 14:12:09 -0300
> > Flávio Silveira via samba <samba at lists.samba.org> wrote:
> >
> >> On 30/08/2017 13:16, Rowland Penny via samba wrote:
> >>> On Wed, 30 Aug 2017 12:48:09 -0300
> >>> Flávio Silveira via samba <samba at lists.samba.org> wrote:
> >>>
> >>>> Hi Louis
> >>>>
> >>>> On 30/08/2017 10:28, L.P.H. van Belle via samba wrote:
> >>>>> Hai,
> >>>> First I want to thank you for maintaining a debian repo with
> >>>> updated packages, made my life much easier!
> >>>>
> >>>>> If you have a small network, yes, a DC only is not recommended,
> >>>>> but if configured correctly it works fine. I see you have only one
> >>>>> linux server, so i can assume only windows clients. Then, i say
> >>>>> yes, setup an AD DC as fileserver.
> >>>> Do you have any pointers on which wiki tutorial I should follow to
> >>>> get things started?
> >>>>
> >>> Follow the DC wiki page:
> >>>
> >>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> >>>
> >>> There is even a section: Using the Domain Controller as a File
> >>> Server
> >>>
> >>> This will send you to:
> >>>
> >>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >>>
> >>> Where you will need to read this section:
> >>>
> >>> Configuring the Name Service Switch
> >>>
> >>> Which will refer you to:
> >>>
> >>> https://wiki.samba.org/index.php/Libnss_winbind_Links
> >>>
> >>> This will tell you how to set up the libnss_winbind links
> >>>
> >>> Having said all that, you can do it all by installing
> >>>
> >>> samba attr winbind libpam-winbind libpam-krb5 libnss-winbind
> >>> krb5-config krb5-user ntp dnsutils ldb-tools
> >>>
> >>> set up ntp as per the wiki:
> >>>
> >>> https://wiki.samba.org/index.php/Time_Synchronisation
> >>>
> >>> provision the domain, run 'pam-auth-update' ensure everything is
> >>> checked and tab to <OK> and press enter, now start 'samba'
> >>>
> >>> It should just work.
> >>>
> >>> Rowland
> >>>
> >> I can't thank you enough for this, great walk through!
> > No problem.
> >
> >> I will probably have more questions during the setup, but I have only
> >> one left for now:
> > Any questions, just ask, the only stupid question is the one you don't
> > ask ;-)
> >
> >> Will it create any issues if I do it within the current network or do
> >> you recommend doing in network lab?
> >>
> > I would do a test run first, that way, if there are any questions, you
> > can ask them and errors won't affect anything.
> >
> > There is just one thing I missed, you will probably want homedirs for
> > the users, to get them created automatically the first time a user
> > connects, you will need to add this line to /etc/pam.d/common-session
> >
> > session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
> >
> > Rowland
> >
>
> As suggested I am reading
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> and https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
>
> As Active Directory Naming seems very important, I want to do it right.
>
> My company domain is tecnopon.com.br but it is not hosted by
> me, it is hosted by a hosting company.
>
> After reading Active Directory Naming FAQ, if I understand
> what I have read, I can use ad.tecnopon.com.br and I won't
> need to change any DNS zone files as it will only be used
> internally. Am I correct?
>
> Regards,
> Flavio Silveira

On Mon, 11 Sep 2017 10:40:50 -0300
Flávio Silveira <fggs at terra.com.br> wrote:

> My company domain is tecnopon.com.br but it is not hosted by me, it
> is hosted by a hosting company.
>
> After reading Active Directory Naming FAQ, if I understand what I
> have read, I can use ad.tecnopon.com.br and I won't need to change
> any DNS zone files as it will only be used internally. Am I correct?
>

Well, yes and no ;-)

When you provision your AD domain, you will get DNS records for
'ad.tecnopon.com.br' created in AD, you should get your domain members
to use the AD DC as their nameserver and set the DC to forward anything
else to your existing domain's nameserver.

To put it another way, create your AD domain as a subdomain of
'tecnopon.com.br', use the DC as the nameserver for the subdomain and
your domain for everything else.

HTH

Rowland
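
Added example (not part of the original thread): a shell check of the layout described in the last message, where the AD realm is a subdomain of the public zone and the DC forwards everything else. The smb.conf sample, the name DC1 and the 192.0.2.x addresses are constructed; smbconf_get, sample_conf, check_ad_dns_layout and live_check are names made up for this example.

```sh
# Added example. Constructed values: DC1, 192.0.2.x (documentation range).

# Print one [global] parameter from smb.conf text on stdin.
smbconf_get() {
    awk -v key="$1" '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        !in_global || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(name) == key) { print val; exit }
        }'
}

# Constructed sample of a provisioned DC's [global] section.
sample_conf() {
    cat <<'EOF'
[global]
    netbios name = DC1
    realm = AD.TECNOPON.COM.BR
    workgroup = AD
    server role = active directory domain controller
    dns forwarder = 192.0.2.53
EOF
}

# $1 = smb.conf text, $2 = public zone, $3 = the DC's own IP.
# Returns 0 only if the realm is a subdomain of the public zone and
# everything else is forwarded to a resolver other than the DC.
check_ad_dns_layout() {
    _zone=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    _realm=$(printf '%s\n' "$1" | smbconf_get realm | tr 'A-Z' 'a-z')
    _fwd=$(printf '%s\n' "$1" | smbconf_get "dns forwarder")
    case "$_realm" in
        "")        echo "no realm set"; return 1 ;;
        "$_zone")  echo "realm equals public zone; the DC would shadow it"; return 1 ;;
        *".$_zone") ;;
        *)         echo "realm $_realm is not under $_zone"; return 1 ;;
    esac
    [ -n "$_fwd" ] || { echo "no dns forwarder: outside names will not resolve"; return 1; }
    [ "$_fwd" != "$3" ] || { echo "dns forwarder points back at the DC"; return 1; }
    echo "ok: DC answers for $_realm, forwards the rest to $_fwd"
}

# On a client, once the DC is up (dig comes with dnsutils): an AD SRV record,
# then the public zone's NS records resolved through the DC's forwarder.
live_check() { dig +short SRV "_ldap._tcp.$1" "@$3" && dig +short NS "$2" "@$3"; }
```

On a real DC, pass the contents of its smb.conf as the first argument; live_check takes the realm, the public zone and the DC's IP.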