Hi

Running Samba 4.9 AD DC on CentOS 7 and would like to join the server to the domain that it serves out. This is to manage user access to roaming profiles. Can anyone advise whether this is

1. Possible
2. Advisable
3. What pitfalls there are

Thanks
Tony Walsh
On Thu, 8 Nov 2018 11:55:35 +0000 "Walsh, Tony (UK) via samba" <samba at lists.samba.org> wrote:

> Hi
> Running Samba 4.9 AD DC on CentOS 7 and would like to join the server
> to the domain that it serves out. This is to manage user access to
> roaming profiles. Can anyone advise whether this is
>
> 1. Possible
>
> 2. Advisable
>
> 3. What pitfalls there are
>

Bit confused here, when you provision a Samba AD DC (and you only provision one DC in a domain), it joins the domain as part of the provision. You then go on to join other machines to the first DC.

It sounds like you already have an existing domain and now have a new Samba AD DC.

I think you are going to have to give us more info.

Rowland
On Fri, 9 Nov 2018 09:41:47 +0000 "Walsh, Tony (UK)" <tony.walsh at baesystems.com> wrote:

> Hi Rowland
> Thanks for the quick response.
> I need to correct one error. I said samba 4.9 but it is samba 4.4.
>
> There is just one AD DC.
> Used samba-tool to set it up as AD DC. It has worked well for a few
> years serving 50+ Windows/Linux clients.
>
> However, if it is part of the domain should I be able to login to the
> server with a domain account? If I issue following command I get no
> such user
>
> [root at DC1]# id domain\\user
> id: domain\administrator: no such user
>

No, as standard, without the correct packages installed or links created, this is correct, the Unix OS doesn't know the AD users. Also, you shouldn't use 'Administrator' on a Unix machine, you should use 'root'.

Can I suggest you get another DC and upgrade Samba whilst doing so, 4.4.x is EOL as far as Samba is concerned.

You can get Centos 4.8.6 packages here:

http://www.ezplanet.net/xwiki/bin/view/EzPlanetRepo/

You could try running something like this on your DC:

    authconfig --enablekrb5 --enablewinbindauth --enablewinbindkrb5 --disablesssd --disablesssdauth --enableforcelegacy --enablemkhomedir --update

and restart Samba

Rowland
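An added example, not part of the thread: the "no such user" result from `id` discussed above can be checked against the name service switch, since the OS only resolves domain accounts once winbind is a source for `passwd` and `group`. The use of `/etc/nsswitch.conf` syntax, the function names and both sample files are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: check whether an nsswitch.conf-style file lists winbind
# as a lookup source for a database. Sample files below are constructed.

# nss_has_winbind FILE DB -> exit 0 if DB's source list contains "winbind"
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # strip comments, split "db:src"
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# nss_report FILE -> one line per database; non-zero if any lacks winbind
nss_report() {
    rc=0
    for db in passwd group; do
        if nss_has_winbind "$1" "$db"; then
            echo "$db: winbind present"
        else
            echo "$db: winbind missing (id/getent cannot see domain accounts)"
            rc=1
        fi
    done
    return $rc
}

SAMPLE_DIR=$(mktemp -d)

# Constructed sample: layout with no winbind source
cat > "$SAMPLE_DIR/before" <<'EOF'
passwd:     files sss
group:      files sss
hosts:      files dns
EOF

# Constructed sample: winbind added for users and groups
cat > "$SAMPLE_DIR/after" <<'EOF'
passwd:     files winbind
group:      files winbind   # domain groups
hosts:      files dns
EOF

nss_report "$SAMPLE_DIR/before" || true
nss_report "$SAMPLE_DIR/after"
```

On a real host, point `nss_report` at `/etc/nsswitch.conf`; a "present" result only shows the configuration, so `getent passwd` for a domain user remains the functional check.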
On Fri, Nov 9, 2018 at 5:25 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> You can get Centos 4.8.6 packages here:
>
> http://www.ezplanet.net/xwiki/bin/view/EzPlanetRepo/

I assume you meant "Samba 4.8.6". CentOS and RHEL 4 are very, very seriously obsolete and unsupportable today.