jared.m.jacobson at L-3com.com
2013-Sep-23 16:00 UTC
[Samba] Log on to Samba 4 AD DC using domain user
Hi, all,

I am having trouble figuring out how to log on to a Samba 4 AD DC using any AD domain account. Has anyone had success doing this? If so, is there a guide somewhere?

I have stood up a Samba 4 Active Directory Domain Controller on a Red Hat 6.3 system, and it appears to be functioning correctly. I have a Windows 7 workstation, a Windows 2008R2 storage server, and two other Red Hat servers (running Samba 3.6.9) joined to the domain, and I can log in to all the systems except the DC using domain accounts. How do I configure the AD DC to allow login?

So far I've tried following the guidance in the Red Hat "Integrating Red Hat Enterprise 6 with Active Directory <http://www.redhat.com/resourcelibrary/reference-architectures/integrating-red-hat-enterprise-linux-6-with-active-directory>", the Samba wiki's pages "Local user management and authentication/sssd <https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd>" and "Local user management and authentication/nslcd <https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd>". I've tried following the Samba wiki page "Samba 4/Winbind <https://wiki.samba.org/index.php/Samba4/Winbind>". None of them have worked.

Thanks for any help you can offer.

Jared
_________________________________________
Jared Jacobson, CISSP
Information Assurance Engineer
L-3 Communications - Communications Systems West
Desk: (801) 594-3669
Cell: (801) 530-9191
E-mail: jared.m.jacobson at L-3com.com
On Mon, 2013-09-23 at 10:00 -0600, jared.m.jacobson at L-3com.com wrote:
> Hi, all,
>
> I am having trouble figuring out how to log on to a Samba 4 AD DC using
> any AD domain account. Has anyone had success doing this? If so, is
> there a guide somewhere?

Hi

Each domain user must have a uidNumber and a gidNumber to be able to authenticate to a Linux system such as Samba4. You can use winbind, nss-ldapd or sssd to do that. I'd recommend storing the numbers in AD and pulling them direct rather than a separate mapping.

HTH
Steve
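An added example, not part of the thread and not Samba project code: a small audit of the requirement stated in the reply above, which reads an LDIF export of user objects and lists the accounts that lack `uidNumber` or `gidNumber`. The sample entries and the `example.test` domain are constructed, and the input is assumed to contain user objects only.

```python
import base64
REQUIRED = ("uidNumber", "gidNumber")   # POSIX attributes named in the reply
# Constructed sample in LDIF form (assumed input: user objects only).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=test
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=Bob Example,CN=Users,DC=example,DC=test
sAMAccountName: bob
uidNumber: 10002

dn: CN=Carol Long Name,CN=Users,
 DC=example,DC=test
sAMAccountName:: Y2Fyb2w=
"""

def parse_ldif(text):
    """Yield one dict per entry; unfolds continuation lines, decodes base64 values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]           # LDIF folding: leading space continues
        else:
            unfolded.append(line)
    entry = {}
    for line in unfolded + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue                           # comment or non-attribute line
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr, []).append(value.strip())

def missing_posix_ids(text):
    """Return {account: [missing attributes]} for entries lacking a required ID."""
    report = {}
    for entry in parse_ldif(text):
        missing = [a for a in REQUIRED if a not in entry]
        if missing and "dn" in entry:          # skip search-result trailer blocks
            name = entry.get("sAMAccountName", entry["dn"])[0]
            report[name] = missing
    return report
```

Calling `missing_posix_ids(SAMPLE_LDIF)` reports `bob` (no `gidNumber`) and `carol` (neither attribute); accounts in that report would not resolve to a Unix identity when the numbers are pulled from AD.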