Hi,

I have set up an Ubuntu 14.04 64-bit workstation to join a samba 4 domain and it is apparently running perfectly. However, I need to put 300 stations in the domain, so I thought I'd create an ISO to facilitate the work.

Thus I would like to resolve some doubts before generating the ISO image:

1) Must the client's netbios name be put in smb.conf, or is it optional, as below?

/etc/samba/smb.conf

[global]
    *netbios name = client1*
    workgroup = EMPRESA
    security = ads
    realm = EMPRESA.COM
    encrypt passwords = yes
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    preferred master = no
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config EMPRESA:backend = ad
    idmap config EMPRESA:schema_mode = rfc2307
    idmap config EMPRESA:range = 10000-999999
    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind refresh tickets = yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
    username map = /etc/samba/user.map

2) Must the hosts file contain only localhost, or also the station name, as follows?

/etc/hosts

127.0.0.1 localhost
*127.0.1.1 client1.empresa.com client1*

3) Can I put winbind in the passwd and group lines of the nsswitch.conf file BEFORE joining the domain?

/etc/nsswitch.conf

passwd: compat *winbind*
group: compat *winbind*
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

4) To generate the ISO, can I set up everything except joining the station to the domain, and later only run the *net ads join* command on each computer?

5) Must I install the ntp package?

6) Can anybody suggest another way to join all (300) workstations to the samba 4 domain?

Thanks,

Márcio
On 06/01/16 19:34, Marcio Demetrio Bacci wrote:
> Hi,
>
> I have set up an Ubuntu 14.04 64-bit workstation to join a samba 4 domain
> and it is apparently running perfectly. However, I need to put 300 stations in
> the domain, so I thought I'd create an ISO to facilitate the work.
>
> Thus I would like to resolve some doubts before generating the ISO image:
>
> 1) Must the client's netbios name be put in smb.conf, or is it optional, as
> below?
>
> /etc/samba/smb.conf
>
> [global]
>     *netbios name = client1*

netbios name is not required, it will be set (in the background) for you

>     workgroup = EMPRESA
>     security = ads
>     realm = EMPRESA.COM
>     encrypt passwords = yes

You don't need 'encrypt passwords', this is the default

>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>     preferred master = no
>     idmap config *:backend = tdb
>     idmap config *:range = 2000-9999
>     idmap config EMPRESA:backend = ad
>     idmap config EMPRESA:schema_mode = rfc2307
>     idmap config EMPRESA:range = 10000-999999
>     winbind nss info = rfc2307
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     winbind refresh tickets = yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>     username map = /etc/samba/user.map
>
> 2) Must the hosts file contain only localhost, or also the station
> name, as follows?
>
> /etc/hosts
>
> 127.0.0.1 localhost
> *127.0.1.1 client1.empresa.com client1*

If you are using dhcp, you do not need the '127.0.1.1' line, if you are using Network Manager with dnsmasq, stop Network Manager using dnsmasq. If it is a fixed ip machine, replace '127.0.1.1' with the ip.

> 3) Can I put winbind in the passwd and group lines of the nsswitch.conf file
> BEFORE joining the domain?
>
> /etc/nsswitch.conf
>
> passwd: compat *winbind*
> group: compat *winbind*

Yes, it won't have any effect, if the machine is not joined to the domain.

> shadow: compat
> hosts: files mdns4_minimal [NOTFOUND=return] dns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> netgroup: nis
>
> 4) To generate the ISO, can I set up everything except joining the station to
> the domain, and later only run the *net ads join* command on each computer?

The only problem I can see is the hostname, but you can probably work around this.

> 5) Must I install the ntp package?

Very recommended, your clients and DCs must be using the same time, set up ntp on the DCs and then on the clients, but use the DCs as the time servers.

> 6) Can anybody suggest another way to join all (300) workstations to
> the samba 4 domain?

You could pre-create the workstations in AD, then write a script to join the domain after the installation. This is Unix, so there are probably lots of ways of doing this :-)

Rowland

> Thanks,
>
> Márcio
Hello,

If you use DHCP, and configure it to give a fixed address to each host, then the hostname can be configured on the dhcp server.

---------------------------------------------
Christophe Borivant
IT Operations Manager
+33 5 62 20 71 71 (Ext. 503)
Devinlec - Groupe Leclerc
---------------------------------------------

----- Original message -----
From: "Rowland penny" <rpenny at samba.org>
To: "samba" <samba at lists.samba.org>
Sent: Wednesday 6 January 2016 21:13:32
Subject: Re: [Samba] Doubts about Samba 4 Clients
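
Added example, not part of any message in this thread: a sketch of the post-install join script suggested above, covering the hostname problem from question 4 and the /etc/hosts advice from question 2. IMAGE_NAME, JOIN_USER and DRY_RUN are assumed names; the only Samba commands used are net ads join and net ads testjoin.

```sh
#!/bin/sh
# Added example: first-boot join helper for machines installed from one image.
# IMAGE_NAME, JOIN_USER and DRY_RUN are assumptions, not values from the thread.
IMAGE_NAME="${IMAGE_NAME:-client1}"   # hostname baked into the ISO
JOIN_USER="${JOIN_USER:-joinuser}"    # hypothetical delegated join account
DRY_RUN="${DRY_RUN:-1}"               # 1 = print the join command only

# Accept a machine name only if it is no longer the image's name, fits the
# 15-character NetBIOS limit and uses letters, digits and inner hyphens.
valid_machine_name() {
    name=$1
    [ "$name" != "$IMAGE_NAME" ] || return 1
    [ "${#name}" -le 15 ] || return 1
    case $name in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    return 0
}

# Filter /etc/hosts on stdin: with no argument (DHCP client) drop the
# 127.0.1.1 line; with a fixed IP as $1, put that IP in its place.
fix_hosts() {
    if [ -z "$1" ]; then
        sed '/^127\.0\.1\.1[[:space:]]/d'
    else
        sed "s/^127\.0\.1\.1\([[:space:]]\)/$1\1/"
    fi
}

# Join as the given host name. The password is prompted for, never stored in
# the image, and each machine gets its own account secret because the join
# happens after cloning.
join_domain() {
    valid_machine_name "$1" || { echo "refusing to join as '$1'" >&2; return 1; }
    if [ "$DRY_RUN" = 1 ]; then
        echo "net ads join -U $JOIN_USER"
    else
        net ads join -U "$JOIN_USER" && net ads testjoin
    fi
}

# Typical call from a first-boot script: join_domain "$(hostname -s)"
```

With DRY_RUN left at 1 the script only reports what it would run, which is useful for checking the hostname handling on a test install before any machine account is created.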