I'm new to samba/AD on Linux, so please go easy on me. I've been trying
for a bit to set this up and am having some success and some not.

I am running Ubuntu Server 16.04 LTS and Samba

I am able to successfully have a client PC join the Domain, and then
authenticate/login using credentials from the AD. However, that's about as
far as I can get.

I'm trying to have roaming profiles and home directories but can't seem
to get there. When I try to administer the domain from a Windows 7 PC, I get
"Cannot find a server in the MYDOMAIN domain that is running the Active
Directory Web Server (ADWS)." And I'm stuck there.

My smb.conf:
root@dc1:~# cat /etc/samba/smb.conf
[global]
workgroup = NSSKIN
security = ads
realm = NSSKIN.COM
kerberos method = secrets and keytab
server string = %h server (Samba, Ubuntu)
interfaces = lo, eno1
winbind use default domain = Yes
winbind expand groups = 4
winbind refresh tickets = Yes
winbind enum users = Yes
winbind enum groups = Yes
idmap config * : range = 2000-49999
idmap config * : backend = tdb
idmap config XYZ : range = 50000-60000
idmap config XYZ : backend = rid
template shell = /bin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
dns forwarder = 192.168.1.1
server role = active directory domain controller
[share]
comment = share
path = /share
read only = No
vfs objects = full_audit
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%M|%S
full_audit:priority = notice
full_audit:facility = local5
acl_xattr:ignore system acls = yes
force create mode = 0660
force directory mode = 0660
[netlogon]
path = /var/lib/samba/sysvol/nsskin.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[profiles]
path = /var/lib/samba/profiles
read only = no
[homes]
valid users = @sambashare, @users
writeable = yes
path = /var/lib/samba/home
As I said, I'm not new to Linux/UNIX, but this whole Windows/Active
Directory/Domain Controller stuff is voodoo to me.
TIA,
dg
--
View this message in context:
http://samba.2283325.n4.nabble.com/RPC-Server-is-unavailable-tp4719424p4719849.html
Sent from the Samba - General mailing list archive at Nabble.com.

On Mon, 12 Jun 2017 06:40:29 -0700 (PDT) davidgs via samba <samba at lists.samba.org> wrote:

> I'm new to samba/AD on Linux, so please go easy on me. I've been
> trying for a bit to set this up and am having some success and some
> not.
>
> I am running Ubuntu Server 16.04 LTS and Samba
>
>
> As I said, I'm not new to Linux/UNIX, but this whole Windows/Active
> Directory/Domain Controller stuff is voodoo to me.
>

And it Voodoo, you don't do so well LOL, to paraphrase an old song.

I suggest you change the [global] by removing these lines:

security = ads
winbind use default domain = Yes
idmap config * : range = 2000-49999
idmap config * : backend = tdb
idmap config XYZ : range = 50000-60000
idmap config XYZ : backend = rid
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

Every one of them should only be used on a Unix domain member.

You need to add these two lines:

netbios name = <WHATEVER YOUR DCs HOSTNAME IS>
idmap_ldb:use rfc2307 = yes

Remove these two lines from [share] :

force create mode = 0660
force directory mode = 0660

They do not work on a DC.

Finally, [homes] does not work on a DC, change it to this:

[home]
read only = No
path = /var/lib/samba/home

Rowland

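The changes listed in the reply above, expressed as a small lint over smb.conf text. This is an added example, not part of the original thread or of Samba's tooling; the function names and rule tables are assumptions that encode only what the reply lists, and the sample input is constructed from the first message.

```python
import re
# Rules from the reply above (not an exhaustive Samba check); keys are lower-case.
MEMBER_ONLY = {"security", "winbind use default domain", "vfs objects",
               "map acl inherit", "store dos attributes"}   # [global] only
SHARE_NOOP = {"force create mode", "force directory mode"}  # share sections
REQUIRED = ("netbios name", "idmap_ldb:use rfc2307")        # must be in [global]

def parse(text):
    """Parse smb.conf text into {section: [(lineno, key, value), ...]}."""
    conf, cur = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = conf.setdefault(m.group(1).strip().lower(), [])
        elif cur is not None and "=" in line and line[0] not in "#;":
            k, v = line.split("=", 1)
            cur.append((n, " ".join(k.lower().split()), v.strip()))
    return conf

def lint_dc(text):
    """Return sorted (lineno, message) findings; [] unless the role is AD DC."""
    conf = parse(text)
    glob = {k: (n, v) for n, k, v in conf.get("global", [])}
    if glob.get("server role", (0, ""))[1].lower() != "active directory domain controller":
        return []
    out = [(n, f"[global] {k}: domain-member setting")
           for k, (n, _) in glob.items() if k in MEMBER_ONLY or k.startswith("idmap config ")]
    for sec, items in conf.items():
        out += [(n, f"[{sec}] {k}: no effect on a DC")
                for n, k, _ in items if sec != "global" and k in SHARE_NOOP]
    out += [(0, f"[global] missing: {k}") for k in REQUIRED if k not in glob]
    out += [(0, "[homes]: does not work on a DC")] if "homes" in conf else []
    return sorted(out)

# Constructed sample: a shortened copy of the first smb.conf in this thread.
SAMPLE = """\
[global]
security = ads
idmap config * : range = 2000-49999
vfs objects = acl_xattr
server role = active directory domain controller
[share]
vfs objects = full_audit
force create mode = 0660
[homes]
"""
if __name__ == "__main__":
    print(*lint_dc(SAMPLE), sep="\n")
```

Findings with line number 0 are file-level (a missing parameter or the [homes] section); `vfs objects` is flagged only in [global], so the `full_audit` line in [share] passes.
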
> And it Voodoo, you don't do so well LOL, to paraphrase an old song.
>
> I suggest you change the [global] by removing these lines:
> ...

So I made all of those changes, and continue to get the same error.
Hmm ... as a test, I re-ran

root@dc1:~# samba-tool domain provision --use-rfc2307 --interactive

and ended up with the following smb.conf:

# Global parameters
[global]
workgroup = NSSKIN
realm = NSSKIN.COM
netbios name = DC1
server role = active directory domain controller
dns forwarder = 192.168.1.1
idmap_ldb:use rfc2307 = yes

[netlogon]
path = /var/lib/samba/sysvol/nsskin.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

[home]
read only = No
path = /var/lib/samba/home

And can successfully:

root@dc1:~# smbclient -L dc1.nsskin.com -U 'administrator'
Enter administrator's password:
Domain=[NSSKIN] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

Sharename       Type      Comment
---------       ----      -------
netlogon        Disk
sysvol          Disk
IPC$            IPC       IPC Service (Samba 4.3.11-Ubuntu)
Domain=[NSSKIN] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]

Server               Comment
---------            -------
DC1                  dc1 server (Samba, Ubuntu)

Workgroup            Master
---------            -------
NSSKIN               DC1

And it appears that all the proper services are running properly:

service --status-all
...
[ - ] mountnfs-bootclean.sh
[ - ] mountnfs.sh
[ + ] networking
[ + ] nmbd
...
[ + ] samba
[ + ] samba-ad-dc
...
[ + ] smbd
...
[ - ] winbind

And yet, still, any attempt to connect from the Active Directory Domain
Services management on a Win7 PC still whines that the ADWS isn't running
and I can't manage anything.

I can successfully logon using an AD username/password to the PC using the
domain controller, but that's about as far as I can get. The net-login is
great and all, but without roaming profiles and folder redirection, I'm
going to spend all my time managing individual PCs at this place...

dg